Locked out of account for a week, support refusing access

Hello all, hopefully someone in the community can give advice here.

GitLab recently rolled out a security fix that requires everyone to verify their emails. The company I worked for previously required that you have your work email as the primary on your GitLab. Because of Covid-19 I was let go in March and changed the email address back to the original email address.

After being locked out of my account for multiple days I reached out to support to find out I need to verify my work email address that is still associated with my account even though I have been receiving emails to the original email that was set up.

Support asked me to verify my account by doing a few things like references to last commits etc… I did all of this and now they are asking me to reach out to one of the groups I’m involved with and for the OWNER of the group to email them verifying it’s my account.

This is the worst customer service I have dealt with as the groups we are involved with are other organizations. In this case the group they are asking me to ask to email them is a corporation that I’m a contractor for.

I’m incredibly confused as 1.) the account has ALWAYS belonged to the email address I’m using. 2.) I was NEVER locked out of the account until GitLab rolled out these changes. This is the procedure you use when someone has lost access to their account. I have not, GitLab rolled this change out which removed access to the account that I can access.

The only option I have is to create a new account as it’s not only a headache to find out who the owner of the group is but to ask them to email someone on my behalf would look poorly on my behalf.

GitLab, I really feel like you dropped the ball here. There are countless threads related to this roll out and as a software developer I can empathize with the undertaking. As a company you have cost me 6 billable days to a client and support seems to care very little about re-instating accounts that should be active.

Hey @Joshualcoffee - I won’t pretend that we (GitLab) haven’t had a rough go with this. It’s been a stressful week and we have learned a lot from users like you sharing their experiences.

I know this has caused you such a headache, but we ask security questions (like you mentioned above) and we will refuse to make changes on an account if those are not answered correctly. We believe this to be a responsible step for security reasons, and it helps us successfully avoid social engineering attempts. On the whole, our users appreciate this about us very much.

Lastly, because you do not qualify for paid support at this time, your support ticket does not have an SLA. You simply caught our Support Team during a busy time: they obviously have a lot coming at them.

Take Action

Please know that I have captured and reported the worst parts of your experience so far. Particularly the fact that we have precluded you from working and cost you 6 days of billable income. And as an extra step, I have made sure the Support Team has reviewed your support ticket to make sure it was not mishandled.

Feel free to reach back out in this thread, I am here to listen! I also am here to empathize—something productive you and I can do right now is create a feature issue around users being allowed to log in as long as at least one email address is verified. This seems to be part of the problem in your case (and in a number of other cases) and it likely would have saved us all a lot of time.

Thanks so much! Let me know what else I can do. :blush:

Hello @Linds!

Thanks for taking the time to respond. As I stated to the support team I can empathize as there are so many people that have had issues with this roll out. As I always say “software is held together with bandaids and rubberbands”.

I just want to reiterate one thing specifically though. I have NOT asked for ANYTHING to be changed. What I asked for was access to my account that I have had access to for years. I have verified and could verify even more in regards to this account. I mean the user name is my first, middle and last name. I could verify the last correspondents through GitLab and am even using the original primary email address.

Every single other company that allows multiple emails allows you to recover your account via another email address.

The weird thing here is the primary address SHOULD be the email address. I removed the work primary in June or July. So that’s where my confusion is. I have been receiving all notifications via the old primary.

In regards to

Lastly, because you do not qualify for paid support at this time, your support ticket does not have an SLA. You simply caught our Support Team during a busy time: they obviously have a lot coming at them.

I do empathize with this. However I’m not asking support to do anything other than to fix the issue that was caused by their product. I was locked out of an account that I can verify and had access to before they rolled out these changes. Verifying an email address should not lock me out when I can verify the other email address on the account.

This is what GitLab needs to really understand as I’m just one of hundreds that this issue has affected. There are many people in my shoes that do not have a paid account as they are working for a corp that requires them to use their service. This change has negatively affected the open source community, and the customers that do pay for GitLab as a service.

I’m now going to have to create a new account, losing access to everything I did previously because of this change. If this is truly a security issue then my IP address, verifying the groups I belong to and verifying the old previous email should have been enough. Why is it not?

Wow. I have been getting into GitLab over the past month or so and have been enjoying it. However the idea that GitLab would lock out someone who knows their email address, password, and is trying to access their account with their regular IP address (address range?) and knows everything about their account is frankly a bit shocking and leaves a bad taste in the mouth for sure.

If this is true, this is certainly a reason to avoid using GitLab in the future. I’ll be watching this case with interest.