Anyone logged in as someone else can currently steal your password simply by changing the e-mail to their own. It then e-mails that address with the password. Please make it so you must retype your password to make personal adjustments. This will cut down on a big security hole. Of couse you shouldn't stay logged in on a computer you don't trust, but still...
Originally posted by Coconut Anyone logged in as someone else can currently steal your password simply by changing the e-mail to their own. It then e-mails that address with the password. Please make it so you must retype your password to make personal adjustments. This will cut down on a big security hole. Of couse you shouldn't stay logged in on a computer you don't trust, but still...
??? How can I log in as " someone else" without knowing the "someone else" email address ?
Originally posted by Ravello Well,I guess it can be done only if you leave your login informations on a public computer.
If you're clever enough to delete cookies after you ended your session,let's say in a public library, that trouble cannot happen.
I know, but I also know that in the computer service business you must try to accomodate to the dumbest customer. Someone leaving their account on can get their games moved in, but we should try to avoid stolen accounts, or worse:
Often people use the same password. Get one password, you get the e-mail password, you get the bank account password. Now a few lost games is one thing, but when the system allows one mistake to give someone your whole account, that needs to be fixed.
A good, save and secure site allways ecuses little mistakes users make.
I think this makes senes! And at least an email should be sent to your old emailadress.
my rec!
th
I agree with this idea. There's no "rememebr this password" box so if I play on a mates computer he can simply goto the site and he's automatically logged on.
Not good, like coconut said, you have to make things simply for the dumbest users.