At Talia, we use Skype as a backup chat mechanism in addition to our own Jabber server. When choosing corporate Skype names, we tend to match the email address, replacing the at sign as that’s invalid on Skype. So “firstname.lastname@example.org” becomes Skype user “tyler.example.com”. A while back we discovered that we couldn’t reset the password of one of our staff members, Mohamed. Mohamed could reset his password via the Skype web interface, but couldn’t login afterward.
We assigned a slightly different Skype username to Mohamed and I didn’t dig into it at the time. Then it happened to another user, Joe, who had left and returned. That’s when we realised the commonality – both users had been deleted at one time and re-created. Mohamed is a common name, and we deleted his predecessor’s Skype account when he left. We did the same when Joe left.
So I logged in as the Skype manager account and contacted support. The full log follows, but what we discovered is that:
- A deleted user can not be undeleted, nor can the username ever be re-used.
- A deleted user can change his password via the password recovery procedure.
- If a deleted user attempts to login, even with the correct password, login.skype.com displays “Signing in failed. Please double-check your Skype Name and re-enter your password.”
- At no point can a deleted user discover he is deleted. No interface warns “this user is deleted”, nor is there a list in your Skype manager of users you’ve deleted.
So I had no way to know that these users were deleted. If I hadn’t pieced it together myself, we’d probably still be screwing around with password reset forms.
Although they explained the situation, Skype support wasn’t helpful. They didn’t read my problem report, instead asking questions off the script. So I explained three times to two people until they got it. It would be nice if they implemented my request to warn deleted users that they cannot login, but I’m not holding my breath.
From today’s Skype support session:
11:30:19 example.com – Initial Question/Comment: Password / username problems
11:30:19 System – Thank you for contacting Skype Customer Support!
11:30:24 System – Ruth Joanna M. has joined this session!
11:30:24 System – Connected with Ruth Joanna M. –
11:30:26 example.com – Hello
11:30:31 example.com – I’m having trouble with two accounts
11:30:58 Ruth Joanna M. – Hello! Welcome to Skype Live Support! My name is Ruth. How may I help you?
11:31:20 example.com – both joe.example.com and mohamed.example.com are unable to reset their passwords. Only these accounts seem to be affected. They can request the password reset token email, and click on the link in that email.
11:31:30 example.com – And they can change their passwords on that page.
11:31:35 example.com – But afterward still cannot login.
11:31:58 example.com – One possible commonality – I think both accounts have in the past been deleted and re-created.
11:32:09 Ruth Joanna M. – So you’re having troubles with joe.example.com and mohamed.example.com, is that correct?
11:32:11 example.com – yes
11:32:34 Ruth Joanna M. – OK. Let me check this for you. Please wait. I’ll be back within 2-3 minutes.
11:32:37 example.com – thank you.
11:37:10 Ruth Joanna M. – Looks like I need more time. May I have another 2-3 minutes?
11:37:29 example.com – of course, do whatever you need to do. Feel free to reset both passwords to whatever you want. We can login with the Skype client and change it again.
11:38:27 Ruth Joanna M. – Looks like I need to transfer you to the right department. Please wait while I transfer you through.
11:38:30 example.com – sure.
11:38:45 Ruth Joanna M. – Thanks.
11:38:50 System – You are being transferred to another queue. Please stand by…
11:38:50 System – Ruth Joanna M. has left this session!
11:39:30 System – Rodolfo D. has joined this session!
11:39:30 System – Connected with Rodolfo D. –
11:39:30 Rodolfo D. – Hello! Welcome to Skype Live Support! My name is Rodolfo. How may I help you?
11:39:37 example.com – Hi Rodolfo
11:39:44 example.com – Did Ruth explain or shall I paste it here?
11:40:50 Rodolfo D. – Can you please tell me the exact problem?
11:40:53 example.com – I’m having trouble with two accounts. Both joe.example.com and mohamed.example.com are unable to reset their passwords. Only these accounts seem to be affected. They can request the password reset token email, and click on the link in that email. And they can change their passwords on that page. But afterward they still cannot login.
One possible commonality – I think both accounts have in the past been deleted and re-created.
Do whatever you need to do. Feel free to reset both passwords to whatever you want. We can login with the Skype client and change it again. Assuming that works. :)
11:40:55 example.com – there you are.
11:45:35 Rodolfo D. – So you want to change email?
11:45:35 Rodolfo D. – Am I right?
11:45:47 example.com – no
11:45:52 example.com – I want to be able to login as both users.
11:46:00 example.com – I want those users to be able to login.
11:46:05 example.com – They are here in the office with me.
11:46:14 example.com – But they can’t login, because they cannot reset their passwords
11:46:25 example.com – Because your password reset page does not appear to work (for them).
11:46:40 Rodolfo D. – So logging in on both accounts at the same time?
11:46:43 example.com – No.
11:46:47 example.com – Two people, two PCs.
11:46:51 example.com – They want to login, each of them.
11:47:01 example.com – But they cannot login.
11:47:20 Rodolfo D. – Any error message?
11:47:46 example.com – They cannot login to login.skype.com because they don’t have the current password.
11:47:55 example.com – Then they click the password reset link.
11:48:00 example.com – They get the password reset email token.
11:48:03 example.com – They click that link.
11:48:11 example.com – They reset the password there. It indicates success.
11:48:15 example.com – Then they still cannot login.
11:48:30 Rodolfo D. – I see there that the account mohamed.example.com was already deleted by the admin of Skype Manager.
11:48:35 example.com – yes
11:48:43 example.com – Yes
11:48:51 example.com – A long time ago we had a user named that.
11:48:53 example.com – Now we have another.
11:49:12 example.com – That was me that deleted it.
11:49:50 Rodolfo D. – Okay, but using exact Skype name is not possible.
11:49:59 example.com – Can we undelete the account?
11:50:11 example.com – Or is it permanently unavailable?
11:50:27 Rodolfo D. – Sorry it is not possible to reactivate account.
11:50:28 example.com – OK, so in future we’ll never delete a Skype account again.
11:50:34 example.com – That’s just silly.
11:50:40 example.com – Ok, how about email@example.com?
11:50:47 example.com – er, joe.example.com – I don’t think it was deleted.
11:50:59 example.com – IT was a home user that we disassociated , though.
11:52:41 Rodolfo D. – Let me check it.
11:56:26 Rodolfo D. – The account is already disabled too.
11:56:35 example.com – wow.
11:56:47 example.com – So we’ll forever have a mismatch, and there’s no way to fix it
11:57:01 example.com – And your web interface doesn’t give any indication that the account is deleted when you try to reset
11:57:06 example.com – in fact it indicates success.
11:57:17 Rodolfo D. – Do you really need the same Skype name?
11:57:27 example.com – we match email to skype name to avoid confusion
11:57:43 example.com – and of course our email server is happy to reuse an address.
11:58:01 Rodolfo D. – Sorry but you can add some additional characters like numbers or symbols
11:58:34 example.com – Would you please submit a UI improvement to fix the web page so this is more clear to other people?
11:58:39 example.com – I could find no documentation of this problem
11:59:00 example.com – you shouldn’t be able to change a password of a deleted user.
11:59:16 example.com – or when a deleted user logs in, it should say “sorry this account is deleted” not “wrong password”
12:03:11 Rodolfo D. – You can see it on your members list.
12:03:23 example.com – No I can’t. The user is deleted.
12:03:33 example.com – but that’s not what I’m requesting.
12:03:44 Rodolfo D. – I understand you.
12:03:54 example.com – That’s Ok. I’ll document this on my blog, so the next poor sod can Google for this issue.
12:04:11 Rodolfo D. – Anything else?
12:05:07 example.com – No, thank you.
12:05:22 Rodolfo D. – If you have any other questions or concerns, please feel free to contact us again and I’ll be more than happy to assist you further.
Once you are ready please click on the “Exit” button.
Session ID: 2086852
The above log is edited to change my email addresses and Skype accounts, but is otherwise verbatim.