开云体育

Chris,

In this case it /is/ problems with the email service that have

arisen, > ...

That is a point. Relying solely on email links to log in may not be a good option if you are having trouble with your email service.

Unfortunately in cases like Bart's it is a catch-22: there's no way to set up a password in the first place without the email link arriving on time at least once.

(c) "sign up" with a permanent password which will restore account
access via the web UI.

Which requires either of (a) or (b) ...

There is no (d) get the owner or a moderator to do "something".

There may be a (d) ask support to do "something". For cases like Bart's support could possibly create a temporary password or send a login link with an extended expiration time. I've not had the need to ask about that (thankfully).

... can anyone be /certain/ that a lost or stolen device can never be
used to gain access to Groups.io simply by not having a permanent
password set up?

No.

The login by email method is only as secure as your email account. If a crook gains access to your email by phishing, stealing your (unlocked) mobile device, or otherwise then your Groups.io account is exposed.

And that's true whether or not you've set up a password.

And that's true (for most services) even if there is no log in by email mechanism: the crook could simply request a password reset. If that operates without additional authentication then they are in. A typical protection against phishing or password guessing or the like is second-factor authentication*. But even that is of no help if the crook has physical access to your (unlocked) device - be it desktop or mobile.

I wonder if there is any mileage in requesting a method of
/cancelling/ a permanent password so that once normal email service is
restored a member can revert to requesting log - in links.

The two mechanisms are not exclusive. That is, one can always ask for login by email, whether or not you have set password. And in fact that's also the means by which you set a password in the first place, or reset it if you forget it.

I routinely use an email link to log in with my smartphone, but almost always use my password from the desktop. That choice is merely one of which is the more convenient (for me) on the respective type of device.

Shal
* See the Security page in your Groups.io account to set up Two-Factor Authentication.


--
Help: /static/help
More Help: /g/GroupManagersForum/wiki
Even More Help: Search button at the top of Messages list