A reviewer cannot log in

This article will help you if you have received a report from one (or more) of your users that they are unable to log in as reviewers and perform their reviewing tasks.

In this article we will cover:

  • Typical issues
  • The My Reviews link
  • Checking the reviewer exists
  • Checking the email address the reviewer has used
  • Investigating possible mistakes
  • Preventing further issues

Typical Issues

Typically the reviewer will either:

  1. Use the wrong email address.
  2. Believe they have an account and password already.

1. Using the wrong email address

Using the wrong email address can take two different forms:

  1. A slight typo
  2. Use an alternative email address that belongs to the reviewer

Using an alternative email address can also be for two reasons:

  1. The reviewer believes this email address is uniquely theirs so they should be able to, or prefer to, access the system with this email address too/instead.
  2. Use one of the social sign in methods that may be linked to a different email address

2. Believe an account already exists.

We all have far too many accounts, usernames and passwords already and remembering another is just painful!  Fortuantely with Firebird, you will only ever have one account - regardless of the project or role, so there should only ever be one username (email address) and password to remember!  Still, there are reviewers that think because they have signed up on a particualr system before that:

a) This is the same system as they signed up for previously. b) This system uses/shares the same credentials as another system they have used previously.

There is another alternative - that is the reviewer thinks that because you (the administrator) has added the reviewer to Firebird, that an account has been created and they will either need to guess or reset the password.  This will not work, obviously.

We get a lot of reviewers trying to send themselves reset password emails and get cross when the email doesn't arrive - that's because the account doesn't exist.  In today's security conscious world, we are not allowed to tell them that the account doesn't yet exists as this can be used in a phishing exercise to find out information about accounts that weren't previously known i.e. a hacker can check a number of email addresses and when they DON'T get a message that the email address doesn't exist, they have found a genuine account to hack.

Comments