1. Earth Prime
    Joined
    16 Mar '05
    Moves
    21936
    25 Jul '05 02:11
    Anyone logged in as someone else can currently steal your password simply by changing the e-mail to their own. It then e-mails that address with the password. Please make it so you must retype your password to make personal adjustments. This will cut down on a big security hole. Of couse you shouldn't stay logged in on a computer you don't trust, but still...
  2. Home
    Joined
    29 Apr '05
    Moves
    19877
    25 Jul '05 03:48
    good simple easy to do idea. got my rec
  3. Earth Prime
    Joined
    16 Mar '05
    Moves
    21936
    25 Jul '05 14:57
    anyone... else?
  4. Standard memberRavello
    The RudeĀ©
    who knows?
    Joined
    30 Dec '03
    Moves
    176648
    25 Jul '05 16:40
    Originally posted by Coconut
    Anyone logged in as someone else can currently steal your password simply by changing the e-mail to their own. It then e-mails that address with the password. Please make it so you must retype your password to make personal adjustments. This will cut down on a big security hole. Of couse you shouldn't stay logged in on a computer you don't trust, but still...
    ??? How can I log in as " someone else" without knowing the "someone else" email address ?
  5. Earth Prime
    Joined
    16 Mar '05
    Moves
    21936
    25 Jul '05 17:23
    Originally posted by Ravello
    ??? How can I log in as " someone else" without knowing the "someone else" email address ?
    If someone left themselves logged in, you could take that account's password.
  6. Standard memberRavello
    The RudeĀ©
    who knows?
    Joined
    30 Dec '03
    Moves
    176648
    25 Jul '05 17:31
    Originally posted by Coconut
    If someone left themselves logged in, you could take that account's password.
    Well,I guess it can be done only if you leave your login informations on a public computer.

    If you're clever enough to delete cookies after you ended your session,let's say in a public library, that trouble cannot happen.
  7. Earth Prime
    Joined
    16 Mar '05
    Moves
    21936
    25 Jul '05 17:37
    Originally posted by Ravello
    Well,I guess it can be done only if you leave your login informations on a public computer.

    If you're clever enough to delete cookies after you ended your session,let's say in a public library, that trouble cannot happen.
    I know, but I also know that in the computer service business you must try to accomodate to the dumbest customer. Someone leaving their account on can get their games moved in, but we should try to avoid stolen accounts, or worse:

    Often people use the same password. Get one password, you get the e-mail password, you get the bank account password. Now a few lost games is one thing, but when the system allows one mistake to give someone your whole account, that needs to be fixed.

    Russ?
  8. Standard memberBowmann
    Non-Subscriber
    RHP IQ
    Joined
    17 Mar '05
    Moves
    1345
    26 Jul '05 14:51
    Make you type password to change personal details!


    Are you sure?
  9. Earth Prime
    Joined
    16 Mar '05
    Moves
    21936
    26 Jul '05 17:33
    Originally posted by Bowmann
    [b]Make you type password to change personal details!


    Are you sure?[/b]
    "Make user type password to change personal details"?
  10. Standard memberBowmann
    Non-Subscriber
    RHP IQ
    Joined
    17 Mar '05
    Moves
    1345
    26 Jul '05 19:27
    Originally posted by Coconut
    "Make user type password to change personal details"?
    Good idea. Why don't you suggest it?
  11. Standard memberthire
    Xebite
    in front of you
    Joined
    06 Jan '03
    Moves
    15730
    28 Jul '05 19:12
    A good, save and secure site allways ecuses little mistakes users make.
    I think this makes senes! And at least an email should be sent to your old emailadress.
    my rec!
    th
  12. London
    Joined
    11 May '04
    Moves
    240371
    29 Jul '05 19:57
    I agree with this idea. There's no "rememebr this password" box so if I play on a mates computer he can simply goto the site and he's automatically logged on.

    Not good, like coconut said, you have to make things simply for the dumbest users.
Back to Top