.John. Posted August 15, 2005

I'd also like to remind Matt with this: If converge email login is enabled, to have registration NOT ask for a login name - but to use the email address as the login name in the database.

Wolfie Posted August 15, 2005

> I'd also like to remind Matt with this: If converge email login is enabled, to have registration NOT ask for a login name - but to use the email address as the login name in the database.

Ha ha. :lol: Ok, let's get on the ACP log in idea.

cvxdes Posted August 18, 2005

I don't like the idea... Just more typing + it's pointless.

Wolfie Posted August 18, 2005

The point would be increased security for the AdminCP.

Dlf Posted August 18, 2005

If you want ideas for ACP security I may have some

1. Admin option for which users (with ACP access) HAVE to log in with a password (like right now). Or e-mail. Or both.
2. ACP gets a (OPTIONAL?) second password that can be changed for the ACP enabled users (ROOT admin option only?)
3. ACP and/or the "users" account gets locked for x amount of time.
4. Passworded sections - Does what it sounds like. The tabs and "pages" within the ACP get a big fat password "lock" on them. And only the password can open them (if the section or page has a password). [may not get a lot of support . . .]. Oh, and the passwords could be changed, the admin can set them, or they can randomly be selected (from a [huge?] list of passwords).

I think that's all that I can come up with now.

Wolfie Posted August 18, 2005

> If you want ideas for ACP security I may have some
>
> 1. Admin option for which users (with ACP access) HAVE to log in with a password (like right now). Or e-mail. Or both.
> 2. ACP gets a (OPTIONAL?) second password that can be changed for the ACP enabled users (ROOT admin option only?)
> 3. ACP and/or the "users" account gets locked for x amount of time.
> 4. Passworded sections - Does what it sounds like. The tabs and "pages" within the ACP get a big fat password "lock" on them. And only the password can open them (if the section or page has a password). [may not get a lot of support . . .]. Oh, and the passwords could be changed, the admin can set them, or they can randomly be selected (from a [huge?] list of passwords).
>
> I think that's all that I can come up with now.

1. Should always require a password. If the email used were to get figured out and it were used in place of the password... Well, you see the flaw there.
2. I like the "optional" part. Perhaps a secondary password per account. Then Root admin can decide who has to use only the regular password, secondary password, both, or individually choosable. ex.
   Root admins [Regular password (default)/Secondary/Both/Per account]
   Regular admins [Regular password (default)/Secondary/Both/Per account]
   The 'per account' would be nice to have for the 2nd level admins because then some may choose to use extra security to stop their account from being the source of destruction if problems ever occur.
3. That idea is already being tossed around in another thread for all accounts.
4. If included, I'd hope it is completely optional, because that sounds like it'd be more hassle than it'd be worth.

Michael P Posted August 18, 2005

I don't like the idea. If it becomes an option, it's OK so long as it's settable.

Wolfie Posted August 18, 2005

> I don't like the idea. If it becomes an option, it's OK so long as it's settable.

Most definitely. The idea is to have options for how to sign in. That way it's harder to figure out how to hack into an individual board. If the admin has one sign in name (and a different display name), then uses that, the email and 2 passwords to sign in, then the likelihood of that account getting hacked is a bit lower than someone who uses the same sign-in name and only 1 password. But the idea is to let the root admin decide how it's set up.

Rοb Posted August 22, 2005

As long as the Display Name feature is activated on your board it makes the ACP feature very secure if you change your Log In name to something no-one would ever guess. A would-be hacker needs to guess both the Log In name and the password which is impossible unless the admin is an idjit and has chosen very unwisely.

The other option (like I've been quoted above) is if you have the Converge E-Mail login enabled. As long as the E-Mail login also applies to the ACP (hopefully it will soon) and the email address is hidden, the board admins' accounts should be very safe indeed, especially if you have a very random e-mail address to be used.

Whichever way you choose will mean the board admins' account(s) are very well protected against any "account guesser", the only real threat is SQL injection exploits etc.

.John. Posted August 22, 2005

I agree with this option, as if someone were to gain access to an Admin's account - they couldn't get into the ACP unless they knew the e-mail address.

Wolfie Posted August 22, 2005

If they gain access to the Admin's account, all they have to do is look in "My Controls" to see the email address.

scylla Posted August 22, 2005

> I agree with this option, as if someone were to gain access to an Admin's account - they couldn't get into the ACP unless they knew the e-mail address.

I totally disagree with this. I think that you should be able to answer a security question. Such as "where were you born?" "what is your birthday?" "What is your mother's maiden name?" etc., because an email addy is easy enough to find, just click "email admin" button.

.Justin Posted August 22, 2005

Adding an email doesn't really make the log in any more secure or what not, but the optional verification image was a nice idea to prevent scripts from brute forcing the passwords. Adding the id would be the same as the email, both are easy to figure out and don't really add more protection; the only logical ideas for extra input are a verification code, or a second password.

Archived
This topic is now archived and is closed to further replies.