
Disclaimer: The entries you find in these pages are based on my individual opinions and thoughts. Some of the entries may be just plain wrong, and others harmful. Should you choose to act on, or try, anything you find on this site, you assume any and all risks associated with your actions. So there.


Gmail IMAP Password Error Web Login Required

September 8, 2009

I have migrated approximately 500 accounts and 40 domains over to Google Apps for your Domain. Most of my clients use the IMAP protocol to access their email accounts. One of the issues that I have come across is an error on password that occurs after a few days, weeks or even months of use.

The user begins to get a password error on login. If the user reads the complete error, it will say something along the lines of "Error on Password; web login required." The cure is simple: log in to the Gmail webmail site for your account. Once the user logs in, the problem goes away.

Most users have no idea how to do this, so we always set up their domain to have a simple webmail login using http://webmail.CLIENTDOMAIN.com, where CLIENTDOMAIN.com is their actual domain. But others have to use the standard Google login, which is http://www.google.com/a/CLIENTDOMAIN.com.

The other day I ran across this issue, but logging into the webmail didn't cure it. In fact, the problem persisted through logging out, rebooting, logging in from another computer, and everything else we could think of to try. Finally I just reset the password on the account to a new password. That worked right away. It wasn't that we had the wrong password -- we couldn't have reset the password otherwise. Somehow Google just didn't like the old password.

Bye Bye eCommerce

September 8, 2009

CCG has accepted credit cards for 10 years or more. Today we no longer accept them. The death blow came in two punches.

The first punch came months ago when our merchant account provider began to charge us an annual fee for Payment Card Industry (PCI) Data Security Standards (DSS) compliance. We had to prove to our merchant provider that we handled our client data securely. The only problem is that we can't do that. The reason we can't do that is that we simply don't collect client credit card data in the first place.

Our system has always consisted of a login to access your invoices. If you chose to pay an invoice online, we redirected you to Authorize.net, who collected your credit card info securely, then returned a success or failure code and an email. Our system never handled any of the required data, and only received a pass/fail notice in order to update the status of the paid invoice.

Now, in order to show compliance, in essence, we would have to begin collecting all of this data. Then we would have to store it securely and demonstrate that our security is robust. On the face of it this is ridiculous. Isn't it more secure never to collect and store the data than to do so in the first place? Still, that is not an option on the checklist. The upshot is that our provider began to hit us with an annual compliance fee and a monthly non-compliance penalty. Talk about your catch-22.

We interviewed other providers and were told that, while we would get hit with a one-time fee to prove (or disprove) compliance, we would never be hit every year and certainly wouldn't be fined monthly. Great, sign us up! Things went back to normal shortly after we switched merchant account providers, and our other fees went down too.

The second punch came this week. We got a compliance letter from the new provider. They are now charging us annually so they can check our compliance. And they will fine us monthly until we can prove we comply. How can you prove a negative? How are we supposed to prove we protect data we don't collect or store?

Oh well, so long credit card companies. I do truly appreciate your efforts to protect our privacy, really I do. But until you go about it in a sane manner, I can't be your customer any longer. Sniff... oh well, I don't need to pay you to get paid any more anyway.