Suggestion: Passworded forum replacement

[parry60]

Typing in a password to get to a certain forum can get quite repetitive, especially if you jump around to different forums, right?
Well, here's my idea.
Instead of having password-protected forums, you should have password-protected usergroups. This way, to join a usergroup, you must enter a password, and then that usergroup could have permissions to access the passworded forum.

[Sheps]

I like the idea of the password protected forum

[Linkooseven]

I like the Passworded forum...

But you should be posting suggestions etc at the Tracker--located at SourgeForge.

[hmueller]

Hello,

by they way - is it planned to include a "wrong password error" in 2.2 (i mean: three times the wrong password --> auto-ban for the next 24 hours or so)???

[Heimidal]

Hello,

by they way - is it planned to include a "wrong password error" in 2.2 (i mean: three times the wrong password --> auto-ban for the next 24 hours or so)???

What's the point? If they don't have the right password, they can't access their account anyway. Why ban them when they could potentially figure out the right password on the next try?

[haravikk]

People trying to guess it I suppose, or even bots which try different passwords over and over again? Personally I don't think a ban would solve it if someone was trying to hack the account, anyone could potentially ban a user by putting in wrong passwords. Better to have it brought to the admin's attention that the account has had X password attempts in the past Y hours/days.
Or even, after so many password attempts the user will recieve their password through e-mail, basically an automatic "forgot my password", all further password attempts can't trigger another e-mail (to stop someone spamming using this).

[Adam Atlas]

Or even, after so many password attempts the user will recieve their password through e-mail, basically an automatic "forgot my password", all further password attempts can't trigger another e-mail (to stop someone spamming using this).

It would be basically impossible to do this- the passwords are stored encrypted, using a one-way digest algorithm (MD5), which can't be decrypted (except by using an extremely time-consuming, CPU-intensive brute-force cracking process).

[Shining Arcanine]

Hello,

by they way - is it planned to include a "wrong password error" in 2.2 (i mean: three times the wrong password --> auto-ban for the next 24 hours or so)???

I like this idea. It will keep people from attempting to hack accounts. After all, if you are too stupid to type your password in correctly 3 times in a row, you deserve to be autobanned for a day.

Or even, after so many password attempts the user will recieve their password through e-mail, basically an automatic "forgot my password", all further password attempts can't trigger another e-mail (to stop someone spamming using this).

It would be basically impossible to do this- the passwords are stored encrypted, using a one-way digest algorithm (MD5), which can't be decrypted (except by using an extremely time-consuming, CPU-intensive brute-force cracking process).

Then I would love to know how phpBB 2.04's "I forgot my password" feature works.

[benchayeel]

It allows you to reset you password, It does not send you your current password

[psoTFX]

/me notes (again) that no requests should be posted here

The problem with the three strikes method as outlined here is the inconvenience it causes to users. There are more than a few people who would simply go through the user list trying random passwords causing people trouble.

Even the alternative of some timed ban can be rather irritating, but wrt this we'll see.