vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 Programming Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=252)
-   -   Email addy also on login (https://vborg.vbsupport.ru/showthread.php?t=320382)

Max Taxable 09-30-2015 05:42 PM

Email addy also on login
 
I've thought about this idea for a couple of days, and searched but didn't find anything close, but:

What if we had not only username and password required for login, but the email address as well? Like this:

Username ___________
Password ____________
Email Address _____________

Seems to me this would be the forever end of brute force password cracking. End of success for it anyway. It also adds the extra security of what basically is a second password, stumping the script kiddies and ending their efforts as well. They would just leave and go on to easier targets.

However I do realize this has some cons to it. Possible pain in the arse for the users, and also can browsers "remember" the email address field? Would this cause problems?

I haven't seen, ever, where any site has done this. Thoughts?

Max Taxable 10-03-2015 12:36 AM

Wow no replies.

John Lester 10-03-2015 04:58 AM

Pros:
Harder for a hacker to compromise an account.
Wouldn't be that hard to code (wouldn't you just need a custom required field?)

Cons:
Browsers won't be able to remember the email field.
Users might get annoyed at having to re-enter it each time they log in.
Increases likely hood of a user getting locked out of their account due to typos.

It's an interesting idea but I'm not sure it would catch on. People today are getting lazier and lazier and having to enter an email address each time they logged in would be the biggest hurdle to get past.

Dave 10-03-2015 09:04 AM

I also thought of this lately, shouldn't be too hard to do.

If your forum only allows unique email addresses, you can simply change the text of "Username" to "Email" at the login form and then before the login process you do something like (pseudo):

PHP Code:

// gpc['username'] contains the email entered at the login.
user select username from user where email gpc['username']

// gpc['username'] now actually contains the username, if match found.
gpc['username'] = user 

That will make it so the email address is used instead of a username.

Max Taxable 10-03-2015 03:09 PM

Quote:

Originally Posted by Dave (Post 2556155)

That will make it so the email address is used instead of a username.

Yep I'd thought of that too, to address the browser issue. No username use at all on login, just the email address you used to register.

This also seems like it ends all brute force cracking, and stops the script kiddies in their tracks.

HM666 10-06-2015 04:39 AM

I get that its probably more secure but personally for me that would annoy me and I would find it quite irritating not because I'm lazy but because I don't have a lot of extra time to play around with logging into a site. I'm sure that you would find about 95% of people would be annoyed with that as a whole and it would either hinder your current member participation or discourage them from completely being involved in your site at all. Just my 2 cents...

Max Taxable 10-06-2015 02:33 PM

Quote:

Originally Posted by HM666 (Post 2556384)
I get that its probably more secure but personally for me that would annoy me and I would find it quite irritating not because I'm lazy but because I don't have a lot of extra time to play around with logging into a site. I'm sure that you would find about 95% of people would be annoyed with that as a whole and it would either hinder your current member participation or discourage them from completely being involved in your site at all. Just my 2 cents...

Yes I have the "remember me" box checked by default anyway, just for this type of gripe. If someone also did this, seems like that would be a must-have.

HM666 10-07-2015 11:57 AM

Quote:

Originally Posted by Max Taxable (Post 2556444)
Yes I have the "remember me" box checked by default anyway, just for this type of gripe. If someone also did this, seems like that would be a must-have.

I check it too and I'm sure that many others do the same thing. There are some who don't who would probably not be too impressed lol.

Max Taxable 10-07-2015 11:49 PM

Quote:

Originally Posted by HM666 (Post 2556509)
I check it too and I'm sure that many others do the same thing. There are some who don't who would probably not be too impressed lol.

Found out most people actually appreciate it. Those who don't, un-check it.

John Lester 10-08-2015 04:22 AM

Have you looked into how the remember me works to see if you could add the email address field to it? Since browsers can't do it, perhaps a setting to store it in the db or the cookie can be done.


All times are GMT. The time now is 02:29 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01874 seconds
  • Memory Usage 1,738KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_php_printable
  • (4)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (1)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 

Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete