Reset lost credentials/es

Técnicamente, los sysadmins de Miraheze (SRE, por sus siglas en Ingles) pueden reiniciar los credenciales de cualquiera, como por ejemplo, las contraseñas o la autenticación en 2 pasos. Sin embargo, ellos no reinician las credenciales de cualquiera por solicitud. Esto es debido al riesgo de caer en un esquema de ingeniera social. Por lo tanto, ellos requieran pruebas innegables, basadas en matemática, de que el usuario solicitando esto es el autentico dueño de la cuenta antes de reiniciar credenciales.

Por lo general, no reinician contraseñas. Si no tienes ningún correo electrónico asociado con tu cuenta y has perdido la contraseña, considera esa cuenta como perdida. Todo se hace caso-por-caso y a discreción de SRE.



SRE te conoce
Si SRE esta suficientemente seguro que la persona solicitando el reinicio es el dueño de la cuenta, es posible que hagan el reinicio. Esto depende del usuario, y como el miembro de SRE llego a conocerle.

Committed identity
Committed identity is a secret hash. The contents are only known to the generating user until the hash is revealed to SRE when you need to prove ownership.

Linked SignPost page is documenting enough that you can just follow.


 * Browse to text2hash.
 * Enter your 'secret'. It should be long enough (not just two-three words, not easy to guess, preferably have some random string (i.e. today's date). Hash is "SHA512" - leave it as is. If it is not SHA512, change to SHA512.
 * The string used in this help page is.
 * text2hash will dynamically generate the hash. Copy the result.
 * In this example, hash is.
 * Paste your hash into your user page.
 * In this example, do.
 * Now, close the tab and re-open it.
 * Verify the same original string and verify that the newly generated hash matches the hash in the template.
 * IF, and ONLY IF the two hashes match, save it.

And when you need to prove your ownership, if SRE asks, send an email to sre@undefinedmirahezeorg with the string. If you are putting "" around it, tell us if we need to remove it when putting the hash.

GPG
If you have a Gnu Privacy Guard key with signing functions, you can use it to prove your ownership.


 * 1) Create a GnuPG key. This is not explained in this help page. Debian has a great how-to page for this. Just make sure your key doesn't expire (When asked for , just enter or give 0.)
 * 2) If you followed the above example, you now have a GnuPG key. Now, when your key was created, gpg told you about  . Paste that value somewhere. This is very important.
 * 3) Sign a statement (do Clearsign.) with "current date", statement " " Example in User:Revi/ssh.
 * 4) Save the signature with the original text and the fingerprint on wiki. Wrap your comment with   otherwise MediaWiki formatting will mess up the GPG signature.
 * 5) When requested, send a signed email from the specified key to sre@undefinedmirahezeorg to verify your identity.
 * 6) Your key must be available from the   pool, so we can verify your key independently. Verify that your key is available by checking against keyserver.ubuntu.com, pgp.mit.edu, and pgp.surfnet.nl. Your key should be accessible from all of the three servers. (If your key is new, it may take time to synchronize the key between key servers. Try again after 24 hours.)

This requires understanding of how GPG key creation, signing, and keyserver works, and thus not recommended for newbies. This is an option for technically savvy users.