+ Start a Discussion
ClaiborneClaiborne 

Lost Access to Sandbox - Workbench Hack or Security Hole?

I recently found myself locked out of my sandbox because I was on a new computer. When I tried to log into the sandbox, it was sending an email with the verification code to the email address munged when the sandbox was created, i.e., email=email.com@example.com. This munging was implemented a couple of years ago to prevent automated processes from sending reports, chatter feeds, approval requests, etc. from the sandbox to unsuspecting users.

BTW, munge is a highly techical term defined here.

What I was able to do is log onto Workbench from my computer, edit my email address back to email@email.com. Once I confirmed the email address change, I tried to log in again to the sandbox. This time the verification code was sent to email@email.com. With the new verification code, I was able to log in without problem.

So . . .
  1. Will this hack work all the time? Or was it because the location of my Workbench was a web site that had previously accessed the sandbox? Or was it because the version of Workbench I used is pretty old, version 29.0.
  2. Is this a security hole? Why was I able to log in via Workbench without verification? Same questions as above.
And regarding the original problem - losing sandbox access because of the munged email address - what can be done to prevent this?

Should I always use my mobile phone to receive the verification code? I do not think mobile phone numbers are munged.