Make you type password to change personal details!

Anyone logged in as someone else can currently steal your password simply by changing the e-mail to their own. It then e-mails that address with the password. Please make it so you must retype your password to make personal adjustments. This will cut down on a big security hole. Of couse you shouldn't stay logged in on a computer you don't trust, but still...

good simple easy to do idea. got my rec

anyone... else?

Originally posted by Coconut
Anyone logged in as someone else can currently steal your password simply by changing the e-mail to their own. It then e-mails that address with the password. Please make it so you must retype your password to make personal adjustments. This will cut down on a big security hole. Of couse you shouldn't stay logged in on a computer you don't trust, but still...

??? How can I log in as " someone else" without knowing the "someone else" email address ?

Originally posted by Ravello
??? How can I log in as " someone else" without knowing the "someone else" email address ?

If someone left themselves logged in, you could take that account's password.

Originally posted by Coconut
If someone left themselves logged in, you could take that account's password.

Well,I guess it can be done only if you leave your login informations on a public computer.

If you're clever enough to delete cookies after you ended your session,let's say in a public library, that trouble cannot happen.

Originally posted by Ravello
Well,I guess it can be done only if you leave your login informations on a public computer.

If you're clever enough to delete cookies after you ended your session,let's say in a public library, that trouble cannot happen.

I know, but I also know that in the computer service business you must try to accomodate to the dumbest customer. Someone leaving their account on can get their games moved in, but we should try to avoid stolen accounts, or worse:

Often people use the same password. Get one password, you get the e-mail password, you get the bank account password. Now a few lost games is one thing, but when the system allows one mistake to give someone your whole account, that needs to be fixed.

Russ?

Make you type password to change personal details!


Are you sure?

Originally posted by Bowmann
[b]Make you type password to change personal details!


Are you sure?[/b]

"Make user type password to change personal details"?

Originally posted by Coconut
"Make user type password to change personal details"?

Good idea. Why don't you suggest it?

A good, save and secure site allways ecuses little mistakes users make.
I think this makes senes! And at least an email should be sent to your old emailadress.
my rec!
th

I agree with this idea. There's no "rememebr this password" box so if I play on a mates computer he can simply goto the site and he's automatically logged on.

Not good, like coconut said, you have to make things simply for the dumbest users.