About half a year ago, I became absolutely and utterly convinced that my AIM account was gone forever. When I graduated from law school, I’d stopped regularly logging in. In January, I fired Trillian up again (for Mystery Hunt purposes) only to discover that I’d accidentally logged myself out at some point. To my horror, I discovered that what I thought was my password no longer worked. I must have changed it at some point during law school and then gone so long without needing to type it in that I’d plum forgotten the new one.
No problem, I thought. That’s what password resets are for. Too bad my security question was utterly inscrutable (I’d written it somthing like five years prior) and the email address I’d used when signing up no longer exists. And with that, I hit a dead end.
And then, when copying files over to Holophonor, I discovered that on my old desktop PC I was still logged in. Now, you can’t change your password without typing in the old one, so my joy turned to despair, and then promptly turned back when I discovered that the AIM client (I’m not even going to say what version number it was, only that it was probably out of date when I installed it) lets you change your secondary email address.
That was all I needed. On my old desktop, I changed my email address to my current one. Then I went to the password reset page, and had it email me a reset-your-password link. That arrived on my new computer, I followed it, and bingo. Now I’m up and running again with iChat.
This behavior, note, partly undermines the security advantages of requiring you to type your old password to change your password from the client. After all, I just successfully changed my password without ever knowing the old one or anything else. All it took was access to a logged-in AIM account. If that account had been someone else’s, AIM wouldn’t have been able to stop me from changing first the email address and then the password.
My best guess as to what’s going on is that the 72-hour waiting period is there not because it takes that long to update the servers (altough this is AOL we’re talking about here) but to slow up the hijacking process and allow time for the real owner to see a “we’re changing your address” email sent to the old address.
In any event, I’m going to be on fairly infrequently, but it will be more than I have been in the past. I’m also looking to try out the AV features of iChat. Email me if you want to know my screenname.