The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
#1
|
||||
|
||||
Email addy also on login
I've thought about this idea for a couple of days, and searched but didn't find anything close, but:
What if we had not only username and password required for login, but the email address as well? Like this: Username ___________ Password ____________ Email Address _____________ Seems to me this would be the forever end of brute force password cracking. End of success for it anyway. It also adds the extra security of what basically is a second password, stumping the script kiddies and ending their efforts as well. They would just leave and go on to easier targets. However I do realize this has some cons to it. Possible pain in the arse for the users, and also can browsers "remember" the email address field? Would this cause problems? I haven't seen, ever, where any site has done this. Thoughts? |
Благодарность от: | ||
RichieBoy67 |
#2
|
||||
|
||||
Wow no replies.
|
#3
|
|||
|
|||
Pros:
Harder for a hacker to compromise an account. Wouldn't be that hard to code (wouldn't you just need a custom required field?) Cons: Browsers won't be able to remember the email field. Users might get annoyed at having to re-enter it each time they log in. Increases likely hood of a user getting locked out of their account due to typos. It's an interesting idea but I'm not sure it would catch on. People today are getting lazier and lazier and having to enter an email address each time they logged in would be the biggest hurdle to get past. |
#4
|
|||
|
|||
I also thought of this lately, shouldn't be too hard to do.
If your forum only allows unique email addresses, you can simply change the text of "Username" to "Email" at the login form and then before the login process you do something like (pseudo): PHP Code:
|
Благодарность от: | ||
Max Taxable |
#5
|
||||
|
||||
Quote:
This also seems like it ends all brute force cracking, and stops the script kiddies in their tracks. |
#6
|
||||
|
||||
I get that its probably more secure but personally for me that would annoy me and I would find it quite irritating not because I'm lazy but because I don't have a lot of extra time to play around with logging into a site. I'm sure that you would find about 95% of people would be annoyed with that as a whole and it would either hinder your current member participation or discourage them from completely being involved in your site at all. Just my 2 cents...
|
Благодарность от: | ||
Max Taxable |
#7
|
||||
|
||||
Quote:
|
#8
|
||||
|
||||
I check it too and I'm sure that many others do the same thing. There are some who don't who would probably not be too impressed lol.
|
#9
|
||||
|
||||
Found out most people actually appreciate it. Those who don't, un-check it.
|
#10
|
|||
|
|||
Have you looked into how the remember me works to see if you could add the email address field to it? Since browsers can't do it, perhaps a setting to store it in the db or the cookie can be done.
|
Благодарность от: | ||
Max Taxable |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|