Worst Nightmare lost both passwords


#1

Sigh. I am on the verge of the worse nightmare for a web hosting account. Recently, weirdness happened with both my main computer and my password journal. As I use long encrypted passwords, this means I do not have BOTH my DreamHost Account password and my primary email password.

There are no words for just how short sighted this is.

  1. I cannot get to my account to put in a call to DreamHost
  2. I cannot get to my email to accomplish a password change request
  3. DreamHost does not provide a phone number to call regarding this
  4. My computer is in the shop, praying for my hard drive to be okay

I am assuming that the DreamHost “send us a question” is partially automated. Trying to identify myself by account ID and email address may simply get be an Email Response which I CANNOT access, because I do not have my email password. Online chat with DH only works if one is logged in to one’s account.

I created an extra GMAIL email address so that I could create this DH Forum account so that I could write this thread you are now reading.

I did look in the DH Wiki, to see if I could find something under the heading “What do I do if I lose all/both of my passwords?” I did not spot anything.

In retrospect, this situation has to happen from time to time; natural disaster, theft, house fire, computer failure, etc. And dumb happens too if one loses the paper copy of one’s password journal at the same time.

I so rarely have problems that I almost never contact DH except when I am paying my bill. I have had an account for 10 years or there abouts. What is the simplest way to get the attention of a DH tech person? And, how does one get an entry for this particular problem in their help/wiki database?

Thank you sooooo much for any help on this,
and your prayers for my hard drive would be appreciated…

HernesHand…
[hr]
If anyone noticed that I momentarily posted my temp email address and forum password in the unedited version of this thread, rest assured that I have reset both passwords… could this day get any more weird…!! Also waiting to take my car in for 5 days worth or repairs…geeze…
[hr]
Well, I spotted the “contact us” link below the messages in this forum which directs email to "support@dreamhost.com" … so, in addition to sending something to them through their contact form on their website, I have sent them an email too. I have no idea how long it takes to get a response.

Has anyone else encountered this rather embarrassing state of affairs? I am far too old (61yo and have been making backups since 1974) to be living in this particular land of dumb; yet here I am.

This 10 year old laptop is actually functioning reasonable well, all things considered…

HH
[hr]
Oh lordy… sooooooo … DreamHost Support does not accept email to their "support@dreamhost.com" email address if the sender’s email is not in their database of customer email addresses. Apparently they get more spam than I do… I understand the dilemma…

So … that means people who encounter this situation, like I have, must use the DH contact form to attempt to solve this “worst nightmare” situation. Wish me luck people…

HH


#2

Hi There,

Thank you for contacting us for support, I apologize for any frustration. For help with log in info you can contact our account verification team here https://www.dreamhost.com/support/ be sure to use the “I’ve forgotten my password!” option and they will get back to you as soon as possible.

Thanks!
Matt C


#3

Thank you Matt, as I stumble around, I am getting better at “how does one function under these conditions.” I have now sent 3 messages through the contact form on the DH support webpage ~ not because I am impatient, but because I am slowly figuring out what I need to do to actually have a functioning communication channel in place. Now that I have a temporary email address created, I figure that might make things easier.

I appreciate your response here more than anyone might imagine.

Here’s to hoping that the shop downtown is able to recover my hard drive.

Thanks again,
HH
[hr]
Apparently this forum is a stand-in during the time I am not able to log in elsewhere.

I just noticed something odd regarding the CAPTCHA on the support request form webpage. I typed in my request and then typed in the first word shown for the CAPTCHA and clicked SEND before I remembered there are two words to type in the CAPTCHA … however, I did not get an error message nor a request to attempt the CAPTCHA again… odd.

And who wants to experiment with sending help requests to see if the CAPTCHA is not working right? Sigh. I did not get an email acknowledgement like I expected either…

HH


#4

Don’t worry — your message has gotten through.

Our account verification department should get back to you shortly with details on how you can verify your identity and reset your DreamHost account password.


#5

Thanks Andrew.

HH


#6

As it turns out, what happened to my computer is that the DVI side of the video card failed. I am told that the HDMI side of the video card still functions. It never occurred to me that such a thing would be possible; but the tech said he was able to run my computer on the HDMI but the DVI failed. A backup of my harddrive (user) was made, and my password database extracted so that I can continue on this old laptop while I wait for a new (HDMI capable) monitor to arrive…

I still wonder how many people go through a catastrophic lost of computer and passwords. This matters for all types of online services, not just a simple webhost service like DreamHost.

If the worst case scenario played out, in my case my first line of resolution is to interact with DreamHost to gain access to my account. I have a lot of passwords to bill paying, shopping, social media, Internet services, etc. That is a lot of time potentially, to endeavor to recover.

This also makes me think about what DreamHost and other service providers do in the case of a death of a client. Every service needs to have a policy and protocol in place. We all die, and families and corporations flailing about in every instance for every service of Internet “property” cannot be the norm.

Surely everyone understands that the content of the websites, blogs, social media pages, calendars, cloud based files, etc., are as much one’s property as the computer sitting at home…and other personal items, car, home, etc.

The loss of one’s “Internet-based property” can be catastrophic; however ephemeral it may seem…

Anyhoo… back to recovering accounts and paying bills now that I have my password database printed out next to me…

HernesHand

btw… as critical as care and focus on breeches of security might be, as anyone could have contacted DH regarding my account (or your account), a focus on the client is even more important. A protocol that casts suspicions on the client, however well the client may understand the possibility of thieves, has to be carefully be thought through. In this world of billions of Internet users, there is no simple way to provide a phone service for clients and against violators. The 10’s of thousands of spam emails that individuals might receive each year attest to that.

The criticality of one’s phone, phone number and its security is ever more apparent to me this week…how secure is the phone network out there?
[hr]
And a thank-you to DreamHost staff for addressing my problem. I started my inquiry early because I knew it would take time; before final word was in on the status of my computer.

HH


#7

I’m not sure what you are trying to say there, but IMO dreamhost has to assume that every attempt to access account via support override is an attempt to hi-jack the account. One must think not only in terms of the ‘random stranger’ that might be attempting to bypass the account security (probably rare in actuality) but also the person that is ‘close’ to the account or account holder such as an ex-spouse, ex-employee etc. (probably not a rare occurrence). Dreamhost does this everyday tho. In 7 years in this forum I’ve seen alot of people ask what to do next, I’ve yet to see a post tho complaining that dreamhost made a mistake and let the wrong person access an account.

I almost had to go through the ID process at one point. I had enabled 2 factor authentication for the panel, but only had one single device (my phone) set up to generate the code. I upgraded my phone without thought that I would need to reconfigure “authenticator” on the new device. By the time I realized I was locked out, I had already cleared the old device, sold it etc. Fortunately I sold the old device to a friend that hadn’t done anything with it yet and I borrowed it back and restored a backup. After that I made sure to have the authenticator app configured on more than one device.


#8

Indeed… a lot of my comments here are “thinking out loud”… it is a difficult situation to accommodate. Local banks and the like rely on photo ids, notary public signatures, medallion signatures, in person conversation, etc. All difficult in an Internet based reality. When one is finally in the situation, the details begin to hit home… here I am now, confronted with providing the answers to my security questions through unencrypted email… I gotta give to get in, so to speak.

Thank you for your thoughts on this… I have been with DH for perhaps 10 years and plan to stay…


#9

Well…digging deep into my old pages, I found my old DH forum user name, etc. All this definitely needs to get tidy up work… Thanks again to DH for their attention to this and their infinite patience with me as I slog through the ramifications of getting back online while my main computer is awaiting parts replacement… I have learned much in the process.

All the best HernesHand, aka Skye…


#10

I worked for a bank before DreamHost and we had a few situations like that :confused:

I would personally suggest using something like 1Password for password storage, since you can sync it to iCloud or Dropbox, or even wifi (so just between your phone and your computer). Also I just learned about Authy (https://www.authy.com/ ) which lets you SYNC your 2fa codes. Thank god. I just had to reset all of mine for my new phone. That was a massive PITA.

Between those two, I can get at my passwords even when my laptop is on fire.