I suggest what hotmail has now.
after 3 failed attempts at logging on they make you put in a special Random code which makes It difficult for those Dictionary method and code breaking programs to crack your pass if they are stopped after 3 log in attempts.
but what would be better is before E-mail or password is allowed to be changed you must go to your e-mail and change e-mail address/pass on there so the person wouldn't be able to do anything with your account if they guessed your code.
Security Suggestions... 8)
-
GOLDEN WING
- Wraith
- Posts: 3890
- Joined: Wed Jul 01, 2009 2:04 am
- Alliance: ~RiCoS_WÅrLoRdS~
- Race: Heatwave
- ID: 0
- Location: The Rising Sun
Re: Security Suggestions... 8)
Golden's Trade feedback
13,340,362,434,249 power remaining, they manage to eliminate 720,000 of ??????'s Covert Ops!
20,630,871,718,938 power remaining, they manage to eliminate 2.970.149 of steeooo's Undercover Agents!
-
Juliette
Verified - The Queen
- Posts: 31802
- Joined: Sun Feb 06, 2005 6:57 pm
- Race: Royalty
- ID: 4323
- Alternate name(s): Cersei Lannister
- Location: Ultima Thule
Re: Security Suggestions... 8)
And we're back to talking about information security management on the user side.. you cannot account for user stupidity. We're doing that enough already with all the checkboxes and other stuff.
Again. Creating an issue where there isn't any. Fixing something that isn't broken is just a waste of time.
Yes, the entire registration system should be rewritten. Yes, the entire manner of server-side form-database communication should be redone. But that's the way it is. It's not 'unsafe' unless you make it unsafe by using the same pass-WORD everywhere. What's so difficult with taking your OWN responsibility in making your password complicated enough and keeping it PRIVATE?
So.. wrong tree to bark up. This one is entirely on the user side. Fix it yourself.
Again. Creating an issue where there isn't any. Fixing something that isn't broken is just a waste of time.
Yes, the entire registration system should be rewritten. Yes, the entire manner of server-side form-database communication should be redone. But that's the way it is. It's not 'unsafe' unless you make it unsafe by using the same pass-WORD everywhere. What's so difficult with taking your OWN responsibility in making your password complicated enough and keeping it PRIVATE?
So.. wrong tree to bark up. This one is entirely on the user side. Fix it yourself.
GOLDEN WING wrote:I suggest what hotmail has now.
after 3 failed attempts at logging on they make you put in a special Random code which makes It difficult for those Dictionary method and code breaking programs to crack your pass if they are stopped after 3 log in attempts.
but what would be better is before E-mail or password is allowed to be changed you must go to your e-mail and change e-mail address/pass on there so the person wouldn't be able to do anything with your account if they guessed your code.
-
noone
- Forum Elite
- Posts: 1916
- Joined: Thu Aug 09, 2007 5:49 am
- Alliance: none
- Race: gone
- ID: 0
- Alternate name(s): Nostradamus,Nostra,NanoBite,Drought,Darkwing Duck,Duck Dodgers,Medusa,Star Nova,System Mistress,*The Exile,ingolfúr,Belle,Lagertha.
- Location: gone
Re: Security Suggestions... 8)
Me thinks the wrong subject's being barked too...
The topic name is a bit misleading though, but it comes down to having a security feature that ensure deleted account retrieval.
I think the whole whos and whats not about passes and emails are irrelevant here.
7 Days for a 'change of mind / undo delete' periode.
Perhaps get a confirmation when trying to log in again ?
"You have deleted your account, did you get your lithium smeared prozac cookie, rendering your rage quit in guilt and now want your account back ? click here before in X days this is no longer possbile "
Not a bad idea, something that might work for those that get their rage tempered by some nice cookies :>
The topic name is a bit misleading though, but it comes down to having a security feature that ensure deleted account retrieval.
I think the whole whos and whats not about passes and emails are irrelevant here.
7 Days for a 'change of mind / undo delete' periode.
Perhaps get a confirmation when trying to log in again ?
"You have deleted your account, did you get your lithium smeared prozac cookie, rendering your rage quit in guilt and now want your account back ? click here before in X days this is no longer possbile "
Not a bad idea, something that might work for those that get their rage tempered by some nice cookies :>