Login without password

Want to chit chat about anything, do it here ... posting here won't increase your post count (or shouldn't!). Please do not post any "phpBB" specific topics here unless they do not fit into the category above. Do not post bug reports, feature or support requests!
Forum rules
Please do not post any "phpBB" specific topics here unless they do not fit into the category above.

Do not post bug reports, feature or support requests! No really... Do not post bug reports, feature or support requests! Doing so will make Bertie a very sad bear indeed. :(
User avatar
Pony99CA
Registered User
Posts: 986
Joined: Sun Feb 08, 2009 2:35 am
Location: Hollister, CA
Contact:

Re: Login without password

Post by Pony99CA » Wed May 28, 2014 1:39 am

You could also make it a user choice. The Login form would show user name and password fields like today, but could also have a Send code via E-mail link that would implement this suggestion. Clicking the link in the E-mail would take the user to the password page with the user name filled in and the user would have to enter the code.

Codes should expire fairly quickly, too (no longer than 5 minutes, I'd say).

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

User avatar
MichaelC
Development Team
Development Team
Posts: 889
Joined: Thu Jan 28, 2010 6:29 pm

Re: Login without password

Post by MichaelC » Wed May 28, 2014 11:15 am

If someone has access to your email then they could use this to login to your account without your knowledge (just keep an eye on the inbox and when a code comes through (requested by the legitimate user) login with it) whereas with a password reset they have to change your password and the reset email is in your inbox notifying you that someone has compromised your account.
Formerly known as Unknown Bliss
psoTFX wrote: I went with Olympus because as I said to the teams ... "It's been one hell of a hill to climb"
No unsolicited PMs please except for quotes.

User avatar
Kamahl19
Registered User
Posts: 161
Joined: Thu Dec 27, 2007 10:31 am

Re: Login without password

Post by Kamahl19 » Wed May 28, 2014 11:49 am

MichaelC, I dont understand your point. If someone has access to my email, my whole online identity id done. He changes passwords everywhere and use my email as much as possible to benefit or harm me.

If somebody has access to my email now, he can reset password, delete email about reseting password and log in to forum. What is the difference?

User avatar
tmbackoff
Registered User
Posts: 180
Joined: Sat Jun 12, 2010 3:25 am

Re: Login without password

Post by tmbackoff » Wed May 28, 2014 12:44 pm

I've gone ahead and moved this to Chit Chat as it doesn't really pertain to phpBB's development.

User avatar
MichaelC
Development Team
Development Team
Posts: 889
Joined: Thu Jan 28, 2010 6:29 pm

Re: Login without password

Post by MichaelC » Wed May 28, 2014 10:23 pm

Kamahl19 wrote:MichaelC, I dont understand your point. If someone has access to my email, my whole online identity id done. He changes passwords everywhere and use my email as much as possible to benefit or harm me.

If somebody has access to my email now, he can reset password, delete email about reseting password and log in to forum. What is the difference?
If he has access to your email, the only way he could log onto the forums right now is by resetting your password. Doing so would mean that A) an email is sent to your email account B) You password changes both of which would notify you that your email AND forum account was compromised. If he had access to your email (and didn't change your email password) but instead just used this email login he could login to your forum account and unless he changed your email or forum passwords you'd be none the wiser. The only thing worse than a compromised account is an account that is compromised and you don't even know it is. A clever hacker won't change your email password as soon as they get into it.
Formerly known as Unknown Bliss
psoTFX wrote: I went with Olympus because as I said to the teams ... "It's been one hell of a hill to climb"
No unsolicited PMs please except for quotes.

Post Reply