Suggestion: Password reminder feature - Board 2

Points of Required Attention™

Please chime in on a proposed restructuring of the ROM hacking sections.

Views: 88,493,695

Main | FAQ | Uploader | IRC chat | Radio | Memberlist | Active users | Latest posts | Calendar | Stats | Online users | Search

04-27-24 06:56 PM

Guest: Register | Login

0 users currently in Help/Suggestions/Bug Reports | 1 guest

Main - Help/Suggestions/Bug Reports - Suggestion: Password reminder feature

New thread | New reply

Posted on 02-07-10 04:58 PM

Link | Quote | ID: 126761

Level: 64

Posts: 643/939
EXP: 2210639
Next: 3458

Since: 02-29-08

Last post: 4609 days
Last view: 1703 days

(Not to be confused with "password resetting").

The TRUE reason that I left the board for so long (instead of just a few months) was that when I came back I couldn't login because I forgot my password, and I didn't bother to take any action until NightKev discovered that I was Traffic Light and convinced me to ask for my password at IRC, and just when I was about to do that I remembered my password...

The point is that having an option of sending it by email would have been faster.

If that's impossible because it is encrypted or something then an option to sending it by email when one changes it (before it is encrypted or something) would be good.

____________________

paulguy

Posted on 02-07-10 05:00 PM

Link | Quote | ID: 126762

Flurry
Level: 37

Posts: 216/258
EXP: 327014
Next: 11239

Since: 04-10-07
From: Buffalo, NY

Last post: 5029 days
Last view: 4570 days


	Yeah, I think it's stored encrypted, so that'd be a bit difficult. Also, they seem pretty security-centric around here, so I doubt they'd send you the password in an email in plaintext, but we'll see what people who matter have to say. :p ____________________ "In other news, Scientists theoretize that CHEESECAKE CHEESECAKE CHEESECAKE." --Blackhole89

Posted on 02-07-10 05:01 PM (rev. 3 of 02-07-10 05:04 PM)

Link | Quote | ID: 126763

Spamming from alt accounts.
Level: 81

Posts: 603/1610
EXP: 4880693
Next: 112156

Since: 09-10-08

Last post: 3590 days
Last view: 3010 days

Posted by Traffic Light
(Not to be confused with "password resetting").

The TRUE reason that I left the board for so long (instead of just a few months) was that when I came back I couldn't login because I forgot my password, and I didn't bother to take any action until NightKev discovered that I was Traffic Light and convinced me to ask for my password at IRC, and just when I was about to do that I remembered my password...

The point is that having an option of sending it by email would have been faster.

If that's impossible because it is encrypted or something then an option to sending it by email when one changes it (before it is encrypted or something) would be good.

Hm... what if you're a hacker, and pretend to be the person who lost his password? It'd be impossible to know if the person didn't enter an email address in his profile.

While we're at it, maybe the board should ask for passwords twice... just like other boards... so that if you have a typo in your password, you have twice less chance to end screwed...

Posted by paulguy
Yeah, I think it's stored encrypted, so that'd be a bit difficult. Also, they seem pretty security-centric around here, so I doubt they'd send you the password in an email in plaintext, but we'll see what people who matter have to say. :p

An online MD5 decrypter can (or cannot, depending on the password's complexity) find the original password from a MD5 hash.

____________________
Kafuka -- ROM hacking
Kuribo64 -- we hack shit

Kawa

Posted on 02-07-10 05:40 PM

Link | Quote | ID: 126764

CHIKKN NI A BAAZZKIT!!!
80's Cheerilee is best pony
Level: 138

Posts: 3226/5344
EXP: 30948160
Next: 714821

Since: 02-20-07
From: The Netherlands

Last post: 4499 days
Last view: 2635 days

How about this? A security question that only you would know the answer to, and if you forget your password...

1) Go to Password Reset page
2) Enter name
3) Recieve security question
4) Enter answer to question and new password
5) Receive bacon

____________________
Wife make lunch - Shampoo
Opera - give it a spin
Spare some of your free time?
<GreyMaria> I walked around the Lake so many goddamn times that my sex drive was brutally murdered
Kawa rocks

— byuu

Posted on 02-07-10 06:17 PM

Link | Quote | ID: 126766

The Guardian
Moloch whose eyes are a thousand blind windows!
Level: 124

Posts: 2885/4196
EXP: 21535231
Next: 301370

Since: 02-19-07
From: Ithaca, NY, US

Last post: 472 days
Last view: 85 days

How about this?

1) Go to IRC
2) Convince an administrator that you are indeed the person who you claim to be; they might wish to verify this by comparing IPs, browser signatures or similar or simply check your ownership of any websites or mail addresses you provided in your profile, with especially the latter being pretty much equivalent to setting a "reset your password here" mail address
3) get new password

____________________

Kawa

Posted on 02-07-10 06:18 PM

Link | Quote | ID: 126767

CHIKKN NI A BAAZZKIT!!!
80's Cheerilee is best pony
Level: 138

Posts: 3227/5344
EXP: 30948160
Next: 714821

Since: 02-20-07
From: The Netherlands

Last post: 4499 days
Last view: 2635 days

Or that, yeah.

____________________
Wife make lunch - Shampoo
Opera - give it a spin
Spare some of your free time?
<GreyMaria> I walked around the Lake so many goddamn times that my sex drive was brutally murdered
Kawa rocks

— byuu

Posted on 02-07-10 07:58 PM (rev. 2 of 02-07-10 08:00 PM)

Link | Quote | ID: 126775

Spamming from alt accounts.
Level: 81

Posts: 605/1610
EXP: 4880693
Next: 112156

Since: 09-10-08

Last post: 3590 days
Last view: 3010 days

Posted by blackhole89
2) Convince an administrator that you are indeed the person who you claim to be; they might wish to verify this by comparing IPs

This may not work if the person's IP has changed since his last login. Unless he's got a static IP. But for that you'd need to ask yor ISP and all...

Email addresses would be the way to go. Like, you tell the admin to email you and tell him you will reply a certain phrase, and, if the person has replied the email with the exact same phrase, it's okay...

____________________
Kafuka -- ROM hacking
Kuribo64 -- we hack shit

Nikolaj

Posted on 02-07-10 08:38 PM

Link | Quote | ID: 126778

Level: 43

Posts: 89/384
EXP: 546432
Next: 18614

Since: 11-19-09
From: Denmark

Last post: 4536 days
Last view: 3220 days

Posted by Mega-Mario
Posted by blackhole89
2) Convince an administrator that you are indeed the person who you claim to be; they might wish to verify this by comparing IPs

This may not work if the person's IP has changed since his last login. Unless he's got a static IP. But for that you'd need to ask yor ISP and all...

Email addresses would be the way to go. Like, you tell the admin to email you and tell him you will reply a certain phrase, and, if the person has replied the email with the exact same phrase, it's okay...

That sounds like a good idea!

Posted on 02-08-10 01:11 AM

Link | Quote | ID: 126788

Fuzzy
Son of a bitch, I'm sick of these dolphins...
Level: 59

Posts: 777/778
EXP: 1634563
Next: 38565

Since: 10-15-08
From: Florida

Last post: 5185 days
Last view: 4952 days

Posted by Mega-Mario
Posted by blackhole89
2) Convince an administrator that you are indeed the person who you claim to be; they might wish to verify this by comparing IPs

This may not work if the person's IP has changed since his last login. Unless he's got a static IP. But for that you'd need to ask yor ISP and all...

Email addresses would be the way to go. Like, you tell the admin to email you and tell him you will reply a certain phrase, and, if the person has replied the email with the exact same phrase, it's okay...

I think that would be a good idea, but after the user responds with the correct phrase, THEN they're sent an email with their password. If the password is in the first email, it doesn't matter if they respond with the phrase or not; they have what they wanted.

On another note, I actually quite like Kawa's idea. Of course, you could always go on IRC and ask an admin, and there's no issues with that. This would just be a way of doing the same thing, but not having to bother anyone past coding it into the board. I know the admins can be pretty busy at times, so this would really just expedite the process.

____________________

Layout made by Stark.

Posted on 02-08-10 04:22 AM

Link | Quote | ID: 126792

Cape Luigi
Level: 131

Posts: 4126/4792
EXP: 26232830
Next: 191790

Since: 03-15-07

Last post: 3736 days
Last view: 3647 days

"Security" questions just make passwords more insecure. Why bother trying to figure out someone's password if you can figure out a much easier security question?

Also, bukk, congrats on post 777.

____________________

Kawa

Posted on 02-08-10 05:10 PM

Link | Quote | ID: 126809

CHIKKN NI A BAAZZKIT!!!
80's Cheerilee is best pony
Level: 138

Posts: 3230/5344
EXP: 30948160
Next: 714821

Since: 02-20-07
From: The Netherlands

Last post: 4499 days
Last view: 2635 days

Posted by Bukkarooo
I know the admins can be pretty busy at times

Or not at all there.

____________________
Wife make lunch - Shampoo
Opera - give it a spin
Spare some of your free time?
<GreyMaria> I walked around the Lake so many goddamn times that my sex drive was brutally murdered
Kawa rocks

— byuu

Posted on 02-11-10 12:23 PM

Link | Quote | ID: 126966

Spamming from alt accounts.
Level: 81

Posts: 625/1610
EXP: 4880693
Next: 112156

Since: 09-10-08

Last post: 3590 days
Last view: 3010 days

That's why most boards ask for a valid email address upon registration. It makes dealing with lost passwords automatic and therefore a whole lot easier.

____________________
Kafuka -- ROM hacking
Kuribo64 -- we hack shit

Posted on 02-11-10 12:35 PM

Link | Quote | ID: 126967

Cape Luigi
Level: 131

Posts: 4132/4792
EXP: 26232830
Next: 191790

Since: 03-15-07

Last post: 3736 days
Last view: 3647 days

Maybe just have the board email you the username/password you signed up with (assuming you enter an email address) like some do. Then there doesn't have to be a record of your pass unencrypted at the board itself.

____________________

Posted on 02-11-10 12:43 PM

Link | Quote | ID: 126968

Spamming from alt accounts.
Level: 81

Posts: 626/1610
EXP: 4880693
Next: 112156

Since: 09-10-08

Last post: 3590 days
Last view: 3010 days

Or you can just prompt the user to reset his password.

This way, no unencrypted password in the board's database, no unencrypted password in an email...

____________________
Kafuka -- ROM hacking
Kuribo64 -- we hack shit

Main - Help/Suggestions/Bug Reports - Suggestion: Password reminder feature

New thread | New reply

Acmlmboard 2.1+4δ (2023-01-15)
© 2005-2023 Acmlm, blackhole89, Xkeeper et al.

Page rendered in 0.024 seconds. (321KB of memory used)
MySQL - queries: 54, rows: 76/79, time: 0.016 seconds.