  #1  
09-30-2015, 05:42 PM
Max Taxable
Join Date: Feb 2011
Posts: 3,134
Email addy also on login

I've thought about this idea for a couple of days, and searched but didn't find anything close, but:

What if we had not only username and password required for login, but the email address as well? Like this:

Username ___________
Password ____________
Email Address _____________

Seems to me this would be the forever end of brute force password cracking. End of success for it anyway. It also adds the extra security of what basically is a second password, stumping the script kiddies and ending their efforts as well. They would just leave and go on to easier targets.

However I do realize this has some cons to it. Possible pain in the arse for the users, and also can browsers "remember" the email address field? Would this cause problems?

I haven't seen, ever, where any site has done this. Thoughts?
  #2  
10-03-2015, 12:36 AM
Max Taxable
Join Date: Feb 2011
Posts: 3,134

Wow no replies.
  #3  
10-03-2015, 04:58 AM
John Lester
Join Date: Nov 2004
Posts: 543

Pros:
Harder for a hacker to compromise an account.
Wouldn't be that hard to code (wouldn't you just need a custom required field?)

Cons:
Browsers won't be able to remember the email field.
Users might get annoyed at having to re-enter it each time they log in.
Increases likelihood of a user getting locked out of their account due to typos.

It's an interesting idea but I'm not sure it would catch on. People today are getting lazier and lazier and having to enter an email address each time they logged in would be the biggest hurdle to get past.
  #4  
10-03-2015, 09:04 AM
Dave
Join Date: May 2010
Posts: 2,583

I also thought of this lately, shouldn't be too hard to do.

If your forum only allows unique email addresses, you can simply change the text of "Username" to "Email" at the login form and then before the login process you do something like (pseudo):

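PHP Code:
// $vbulletin->GPC['username'] contains the email entered at the login form.
$email = $vbulletin->db->escape_string($vbulletin->GPC['username']);
$user = $vbulletin->db->query_first("SELECT username FROM " . TABLE_PREFIX . "user WHERE email = '$email'");

// If a match was found, put the actual username back into $vbulletin->GPC['username'].
if ($user) { $vbulletin->GPC['username'] = $user['username']; }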
That will make it so the email address is used instead of a username.
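The email-to-username lookup described in the post above, as an added example that is not part of the thread and not vBulletin's own code. It assumes a simplified `user` table in an in-memory SQLite database reached through PDO (the pdo_sqlite extension); the function name `resolveLoginName` and the sample rows are hypothetical and constructed for illustration.

```php
<?php
// Added illustration: resolve a submitted e-mail address to a username before
// the normal password check runs. Table layout and rows are constructed.
function resolveLoginName(PDO $db, string $submitted): ?string
{
    $email = strtolower(trim($submitted));
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null; // not an e-mail address; caller fails the login generically
    }
    // Bound parameter: the submitted value never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT username FROM user WHERE LOWER(email) = :email LIMIT 2');
    $stmt->execute([':email' => $email]);
    $rows = $stmt->fetchAll(PDO::FETCH_COLUMN);
    // Exactly one match is required: the approach depends on unique e-mails.
    return count($rows) === 1 ? $rows[0] : null;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (userid INTEGER PRIMARY KEY, username TEXT, email TEXT)');
$db->exec("INSERT INTO user (username, email) VALUES
    ('alice', 'alice@example.com'),
    ('bob',   'shared@example.com'),
    ('bob2',  'shared@example.com')");

// Constructed inputs: mixed case, a duplicated address, a malformed value, an unknown address.
foreach (['Alice@Example.com', 'shared@example.com', "x' OR '1'='1", 'nobody@example.com'] as $input) {
    $name = resolveLoginName($db, $input);
    printf("%-22s => %s\n", $input, $name === null ? '(login fails)' : $name);
}
```

Returning the same null result for a malformed, unknown or ambiguous address lets the caller show one generic failure message, so the login form does not reveal which email addresses are registered.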
  #5  
10-03-2015, 03:09 PM
Max Taxable
Join Date: Feb 2011
Posts: 3,134

Quote:
Originally Posted by Dave
That will make it so the email address is used instead of a username.

Yep I'd thought of that too, to address the browser issue. No username use at all on login, just the email address you used to register.

This also seems like it ends all brute force cracking, and stops the script kiddies in their tracks.
  #6  
10-06-2015, 04:39 AM
HM666
Join Date: Jan 2014
Location: Little Rock, AR
Posts: 1,060

I get that it's probably more secure but personally for me that would annoy me and I would find it quite irritating, not because I'm lazy but because I don't have a lot of extra time to play around with logging into a site. I'm sure that you would find about 95% of people would be annoyed with that as a whole and it would either hinder your current member participation or discourage them from completely being involved in your site at all. Just my 2 cents...
  #7  
10-06-2015, 02:33 PM
Max Taxable
Join Date: Feb 2011
Posts: 3,134

Quote:
Originally Posted by HM666
I get that it's probably more secure but personally for me that would annoy me and I would find it quite irritating, not because I'm lazy but because I don't have a lot of extra time to play around with logging into a site. I'm sure that you would find about 95% of people would be annoyed with that as a whole and it would either hinder your current member participation or discourage them from completely being involved in your site at all. Just my 2 cents...

Yes I have the "remember me" box checked by default anyway, just for this type of gripe. If someone also did this, seems like that would be a must-have.
  #8  
10-07-2015, 11:57 AM
HM666
Join Date: Jan 2014
Location: Little Rock, AR
Posts: 1,060

Quote:
Originally Posted by Max Taxable
Yes I have the "remember me" box checked by default anyway, just for this type of gripe. If someone also did this, seems like that would be a must-have.

I check it too and I'm sure that many others do the same thing. There are some who don't who would probably not be too impressed lol.
  #9  
10-07-2015, 11:49 PM
Max Taxable
Join Date: Feb 2011
Posts: 3,134

Quote:
Originally Posted by HM666
I check it too and I'm sure that many others do the same thing. There are some who don't who would probably not be too impressed lol.

Found out most people actually appreciate it. Those who don't, un-check it.
  #10  
10-08-2015, 04:22 AM
John Lester
Join Date: Nov 2004
Posts: 543

Have you looked into how the remember me works to see if you could add the email address field to it? Since browsers can't do it, perhaps a setting to store it in the db or the cookie can be done.