1. Joined
    17 Sep '05
    Moves
    329
    20 Sep '05 07:15
    When I log in to Red Hot Pawn, it asks me to enter my e-mail address and password. However, for security reasons, it should ask for my username and password instead of my e-mail address and password. This is why we have a username, unlike in Friendster.

    1. For most popular sites exist several "hoax sites" which look like the site and prompt you to log in, hoping to get your login information and get into your account to hack it. If I should ever fall for such a hoax, not only am I giving away my RHP login information, I am also giving away my e-mail address! Not only may my RHP account be hacked into, spam may bombard my Gmail inbox!!
    2. Similarly, if I log in to RHP using internet kiosks or a friend's house, I do not want others to see my e-mail address.
    3. My username is way shorter than my e-mail address, so typing my username is faster and there is less room for typos.

    Opinions please.
  2. Standard memberXanthosNZ
    Cancerous Bus Crash
    p^2.sin(phi)
    Joined
    06 Sep '04
    Moves
    25076
    20 Sep '05 07:33
    Originally posted by hildanknight
    When I log in to Red Hot Pawn, it asks me to enter my e-mail address and password. However, for security reasons, it should ask for my username and password instead of my e-mail address and password. This is why we have a username, unlike in Friendster.

    1. For most popular sites exist several "hoax sites" which look like the site and prompt you to ...[text shortened]... l address, so typing my username is faster and there is less room for typos.

    Opinions please.
    If your username is used to login then if someone wants to break into your profile they already have everything but the password. I'm sure if this were the case well-known players would be constant targets.

    By using your email address instead of your username they not only have to guess your password but your email address as well.
  3. Joined
    28 Jul '04
    Moves
    69659
    21 Sep '05 08:08
    Originally posted by XanthosNZ
    If your username is used to login then if someone wants to break into your profile they already have everything but the password. I'm sure if this were the case well-known players would be constant targets.

    By using your email address instead of your username they not only have to guess your password but your email address as well.
    Actually, I think the points that hildanknight brought across do outweigh the problem of someone guessing your email address.

    Anyone who uses passwords which are easy to guess should not be anywhere near a computer.
  4. Standard memberExy
    Damn fine Clan!
    Account suspended
    Joined
    03 Sep '03
    Moves
    72459
    21 Sep '05 12:452 edits
    Originally posted by hildanknight
    When I log in to Red Hot Pawn, it asks me to enter my e-mail address and password. However, for security reasons, it should ask for my username and password instead of my e-mail address and password. This is why we have a username, unlike in Friendster.

    1. For most popular sites exist several "hoax sites" which look like the site and prompt you to ...[text shortened]... l address, so typing my username is faster and there is less room for typos.

    Opinions please.
    Unless you're using a public computer to access the site there should be little reason to logout at all. If I login on a public access PC I always clear the cache and delete my cookies before leaving it.

    It's quite common practice for sites to use your primary email address as your login name, I have to do this at several sites, including most webmail providers, this is a standard form of verification, so I don't see how it's a major problem.
  5. Joined
    17 Sep '05
    Moves
    329
    22 Sep '05 07:31
    Originally posted by Exy
    Unless you're using a public computer to access the site there should be little reason to logout at all. If I login on a public access PC I always clear the cache and delete my cookies before leaving it.

    It's quite common practice for sites to use your primary email address as your login name, I have to do this at several sites, including most webmail providers, this is a standard form of verification, so I don't see how it's a major problem.
    Webmail providers obviously require you to log in with your e-mail address and password!

    I make my password ultra-hard to guess.

    I think you did not understand what I meant by "hoax sites". Suppose I create an account on Geocities (web host), and steal the RHP HTML, I can create a web page that looks EXACTLY like RHP home. The only difference is: when you enter your login information, it is sent to me by e-mail! With your login info, I can hack into your account! And with your e-mail address, I can bombard you with spam!

    (P.S. I don't know how to do that, but others can. Many accomplished sites have several hoax sites created by users wishing to hack accounts.)
  6. Standard memberXanthosNZ
    Cancerous Bus Crash
    p^2.sin(phi)
    Joined
    06 Sep '04
    Moves
    25076
    22 Sep '05 07:32
    Originally posted by hildanknight
    Webmail providers obviously require you to log in with your e-mail address and password!

    I make my password ultra-hard to guess.

    I think you did not understand what I meant by "hoax sites". Suppose I create an account on Geocities (web host), and steal the RHP HTML, I can create a web page that looks EXACTLY like RHP home. The only difference is ...[text shortened]... can. Many accomplished sites have several hoax sites created by users wishing to hack accounts.)
    Of course for that to work you would have to get the person to view your site instead of the actual site and then be stupid enough not to notice the web address not even being close.
  7. Joined
    17 Sep '05
    Moves
    329
    22 Sep '05 07:41
    Stupid people exist in this world, you know. NeoPets is a very popular game site with over 100 million users. Many hoax NeoPets sites exist, and many players have fallen for the scams and lost their accounts. I myself fell for this as a newbie, and now, despite my 4 years experience with NeoPets, I have almost fallen for such scams on several occasions.
    Though I expect the chess community here to be smarter, and less hoax sites (I don't think RHP has hit a million users yet), RHP users must be aware of this possibility. And there are many ways for someone to trick you into going into a hoax site. All they need is to give you a link: RHP forums and mails impersonating RHP are but two possibilities.
  8. Standard memberXanthosNZ
    Cancerous Bus Crash
    p^2.sin(phi)
    Joined
    06 Sep '04
    Moves
    25076
    22 Sep '05 07:44
    Originally posted by hildanknight
    Stupid people exist in this world, you know. NeoPets is a very popular game site with over 100 million users. Many hoax NeoPets sites exist, and many players have fallen for the scams and lost their accounts. I myself fell for this as a newbie, and now, despite my 4 years experience with NeoPets, I have almost fallen for such scams on several occasions. ...[text shortened]... ey need is to give you a link: RHP forums and mails impersonating RHP are but two possibilities.
    Neopets. 🙄
    Neopets. 😞
    NEOOOOOOOPETS. :'(
Back to Top