Jump to content

ACP Login: Use email instead of username

Guest Wolfie

By Guest Wolfie
in Feedback

What ya think?  

21 members have voted

You do not have permission to vote in this poll, or see the poll results. Please sign in or register to vote in this poll.

Recommended Posts

Wolfie Grand Master

Wolfie

Posted
Posted

I'd also like to remind Matt with this:



If converge email login is enabled, to have registration NOT ask for a login name - but to use the email address as the login name in the database.



Ha ha. :lol:

Ok, let's get on the ACP log in idea.
Link to comment
Share on other sites
Dlf Collaborator

Dlf

Posted
Posted

If you want ideas for ACP secutiy I may have some

1. Admin optinon for which users (with ACP access) HAVE to log in with a password (like right now). Or e-mail. Or both.

2. ACP gets a (OPTIONAL?) second password that can be changed for the ACP enabled users (ROOT admin option only?)

3. ACP and or the "users" account gets locked for x amount of time.

4. Passworded sections - Does what it sounds like. The tabs and "pages" within the ACP get a big fat password "lock" on them. And only the password can open them (if the section or page has a password). [may not get a lot of support . . .]. O and the passwords could be changed, the admin can set them, or they can randomly be selected (from a [huge?] list of passwords).


I think that's all that I can come up with now.

Link to comment
Share on other sites
Wolfie Grand Master

Wolfie

Posted
Posted

If you want ideas for ACP secutiy I may have some



1. Admin optinon for which users (with ACP access) HAVE to log in with a password (like right now). Or e-mail. Or both.



2. ACP gets a (OPTIONAL?) second password that can be changed for the ACP enabled users (ROOT admin option only?)



3. ACP and or the "users" account gets locked for [i]x[/i] amount of time.



4. Passworded sections - Does what it sounds like. The tabs and "pages" within the ACP get a big fat password "lock" on them. And only the password can open them (if the section or page has a password). [may not get a lot of support . . .]. O and the passwords could be changed, the admin can set them, or they can randomly be selected (from a [huge?] list of passwords).


I think that's all that I can come up with now.



1. Should always require a password. If the email used were to get figured out and it were used in place of the password.. Well, you see the flaw there.

2. I like the "optional" part. Perhaps a secondary password per account. Then Root admin can decide who has to use only the regular password, secondary password, both, or individually choosable.
ex.
Root admins [Regular password(default)/Secondary/Both/Per account]
Regular admins [Regular password(default)/Secondary/Both/Per account]
The 'per account' would be nice to have for the 2nd level admins because then some may choose to use extra security to stop their account from being the source of destruction if problems ever occur.

3. That idea is already being tossed around in another thread for all accounts.

4. If included, I'd hope it is completely optional, because that sounds like it'd be more hassle than it'd be worth.
Link to comment
Share on other sites
Wolfie Grand Master

Wolfie

Posted
Posted

I don't like the idea.



If it becomes an option, its OK so long as its settable.

Most definitely.

The idea is to have options for how to sign in. That way it's harder to figure out how to hack into an individual board.

If the admin has one sign in name (and a different display name), then uses that, the email and 2 passwords to sign in, then the likelihood of that account getting hacked is a bit lower than someone who uses the same sign-in name and only 1 password.

But the idea is to let the root admin decide how it's set up.
Link to comment
Share on other sites
Rοb Community Regular

Rοb

Posted
Posted

As long as the Display Name feature is activated on your board it makes the ACP feature very secure if you change your Log In name to something no-one would ever guess.

A would-be hacker needs to guess both the Log In name and the password which is impossible unless the admin is an idjit and has chosen very unwisely.

The other option (like ive been quoted above) is if you have the Converge E-Mail login enabled.

As long as the E-Mail login also applies to the ACP (hopefully it will soon) and the email address is hidden, the board admins accounts should be very safe indeed, especially if you have a very random e-mail address to be used.

Whichever way you choose will mean the board admins account(s) are very well protected against any "account guesser", the only real threat is sql injection exploits etc

Link to comment
Share on other sites
scylla Newbie

scylla

Posted
Posted

I agree with this option, as if someone were to gain access to an Admins account - they couldn't get into the ACP unless they knew the e-mail address.




I totally disagree with this.

I think that you should be able to answer a security question. Such as "where were you born?" "what is your birthday?" "What is your mothers maiden name?" etc.. because an email addy is easy enough to find, just click "email admin" button.
Link to comment
Share on other sites
.Justin Newbie

.Justin

Posted
Posted

Adding an email doesn't really make the log in anymore secure or what not, but the optional verification image was a nice idea to prevent scripts from brute forcing the passwords. Adding the id would be the same as the email, both are easy to figure out and don't really add more more protection, the only logical ideas for extra input is a verification code, or a second password.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Invision Community © 2024 IPS, Inc.
×
×
  • Create New...