Please turn on javascript in your browser to play chess.
Site Ideas Forum

Site Ideas Forum

  1. 20 Sep '05 07:15
    When I log in to Red Hot Pawn, it asks me to enter my e-mail address and password. However, for security reasons, it should ask for my username and password instead of my e-mail address and password. This is why we have a username, unlike in Friendster.

    1. For most popular sites exist several "hoax sites" which look like the site and prompt you to log in, hoping to get your login information and get into your account to hack it. If I should ever fall for such a hoax, not only am I giving away my RHP login information, I am also giving away my e-mail address! Not only may my RHP account be hacked into, spam may bombard my Gmail inbox!!
    2. Similarly, if I log in to RHP using internet kiosks or a friend's house, I do not want others to see my e-mail address.
    3. My username is way shorter than my e-mail address, so typing my username is faster and there is less room for typos.

    Opinions please.
  2. Standard member XanthosNZ
    Cancerous Bus Crash
    20 Sep '05 07:33
    Originally posted by hildanknight
    When I log in to Red Hot Pawn, it asks me to enter my e-mail address and password. However, for security reasons, it should ask for my username and password instead of my e-mail address and password. This is why we have a username, unlike in Friendster.

    1. For most popular sites exist several "hoax sites" which look like the site and prompt you to ...[text shortened]... l address, so typing my username is faster and there is less room for typos.

    Opinions please.
    If your username is used to login then if someone wants to break into your profile they already have everything but the password. I'm sure if this were the case well-known players would be constant targets.

    By using your email address instead of your username they not only have to guess your password but your email address as well.
  3. 21 Sep '05 08:08
    Originally posted by XanthosNZ
    If your username is used to login then if someone wants to break into your profile they already have everything but the password. I'm sure if this were the case well-known players would be constant targets.

    By using your email address instead of your username they not only have to guess your password but your email address as well.
    Actually, I think the points that hildanknight brought across do outweigh the problem of someone guessing your email address.

    Anyone who uses passwords which are easy to guess should not be anywhere near a computer.
  4. Standard member Exy
    Damn fine Clan!
    21 Sep '05 12:45 / 2 edits
    Originally posted by hildanknight
    When I log in to Red Hot Pawn, it asks me to enter my e-mail address and password. However, for security reasons, it should ask for my username and password instead of my e-mail address and password. This is why we have a username, unlike in Friendster.

    1. For most popular sites exist several "hoax sites" which look like the site and prompt you to ...[text shortened]... l address, so typing my username is faster and there is less room for typos.

    Opinions please.
    Unless you're using a public computer to access the site there should be little reason to logout at all. If I login on a public access PC I always clear the cache and delete my cookies before leaving it.

    It's quite common practice for sites to use your primary email address as your login name, I have to do this at several sites, including most webmail providers, this is a standard form of verification, so I don't see how it's a major problem.
  5. 22 Sep '05 07:31
    Originally posted by Exy
    Unless you're using a public computer to access the site there should be little reason to logout at all. If I login on a public access PC I always clear the cache and delete my cookies before leaving it.

    It's quite common practice for sites to use your primary email address as your login name, I have to do this at several sites, including most webmail providers, this is a standard form of verification, so I don't see how it's a major problem.
    Webmail providers obviously require you to log in with your e-mail address and password!

    I make my password ultra-hard to guess.

    I think you did not understand what I meant by "hoax sites". Suppose I create an account on Geocities (web host), and steal the RHP HTML, I can create a web page that looks EXACTLY like RHP home. The only difference is: when you enter your login information, it is sent to me by e-mail! With your login info, I can hack into your account! And with your e-mail address, I can bombard you with spam!

    (P.S. I don't know how to do that, but others can. Many accomplished sites have several hoax sites created by users wishing to hack accounts.)
  6. Standard member XanthosNZ
    Cancerous Bus Crash
    22 Sep '05 07:32
    Originally posted by hildanknight
    Webmail providers obviously require you to log in with your e-mail address and password!

    I make my password ultra-hard to guess.

    I think you did not understand what I meant by "hoax sites". Suppose I create an account on Geocities (web host), and steal the RHP HTML, I can create a web page that looks EXACTLY like RHP home. The only difference is ...[text shortened]... can. Many accomplished sites have several hoax sites created by users wishing to hack accounts.)
    Of course for that to work you would have to get the person to view your site instead of the actual site and then be stupid enough not to notice the web address not even being close.
  7. 22 Sep '05 07:41
    Stupid people exist in this world, you know. NeoPets is a very popular game site with over 100 million users. Many hoax NeoPets sites exist, and many players have fallen for the scams and lost their accounts. I myself fell for this as a newbie, and now, despite my 4 years experience with NeoPets, I have almost fallen for such scams on several occasions.
    Though I expect the chess community here to be smarter, and less hoax sites (I don't think RHP has hit a million users yet), RHP users must be aware of this possibility. And there are many ways for someone to trick you into going into a hoax site. All they need is to give you a link: RHP forums and mails impersonating RHP are but two possibilities.
  8. Standard member XanthosNZ
    Cancerous Bus Crash
    22 Sep '05 07:44
    Originally posted by hildanknight
    Stupid people exist in this world, you know. NeoPets is a very popular game site with over 100 million users. Many hoax NeoPets sites exist, and many players have fallen for the scams and lost their accounts. I myself fell for this as a newbie, and now, despite my 4 years experience with NeoPets, I have almost fallen for such scams on several occasions. ...[text shortened]... ey need is to give you a link: RHP forums and mails impersonating RHP are but two possibilities.
    Neopets.
    Neopets.
    NEOOOOOOOPETS. :'(