Welcome to Geeklog, Anonymous Saturday, December 21 2024 @ 10:10 am EST
Geeklog Forums
Lost Password Security Suggestion
Status: offline
ronack
Forum User
Full Member
Registered: 05/27/03
Posts: 612
I saw a while back that there was an issue where a person or prankster could enter someones username and email and GL would automagically change their password. Thus that user would then be unable to log in, of course they would get the new password emailed to them. This would be an annoyance and if the prankster was especially malicious could cause all big time problems.
I have been on many a site where you are asked to provide a security word. (favorite pet, mothers maiden name, place born etc). Of course not fool proof but it does add a little protection for password request requiring 3 accurate items.
USERNAME, EMAIL, and SECURITY WORD.
Any chance this could be implemented in GL2?
I have been on many a site where you are asked to provide a security word. (favorite pet, mothers maiden name, place born etc). Of course not fool proof but it does add a little protection for password request requiring 3 accurate items.
USERNAME, EMAIL, and SECURITY WORD.
Any chance this could be implemented in GL2?
9
8
Quote
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
In case you haven't noticed - the "forgot password" function was already changed in 1.3.8. It's still possible to "flood" someone with password change notification emails (provided you have some scripting capabilities - and there's also a speed limit to slow things down) but it won't change the password.
bye, Dirk
bye, Dirk
9
9
Quote
All times are EST. The time is now 10:10 am.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content