I know that feature requests for 3.2 are frozen.. but i have a enhancement idea that i think is crucial for phpbb, and i think the phpbb staff and dev team will agree.I haven't had time to draw up a complete blue print yet, but i have enough information to share with the community, so we can come together and contribute constructive ideas.
Idea: a second/third/fourth layer of security "checks and balances" for admin/mod accounts by using security questions.
as of now.. if a admin/mod's account is compromised, there is no second layer of security.
sense phpbb3 already logs IP's, we could use this to better protect admin/mod accounts by
1. remembering admin's/mods previous ip address's
2. when a admin/mod attempts to login, and the system/site notices its from a different ip address.. it will ask one of the various security questions " i would say there should be 3-5 questions"
3. If the questions are not answered correctly.. it could go a couple of ways.. the account could be frozen for X amount of time.. the account could be locked till another admin approves it or .. changes the security questions of they are lost/forgotten.
when the account is validated with the correct security question from a new ip.. then all is good and it remembers that ip address for future use. When the admin/mod returns and logs in from the same ip address.. it will not ask the security question.
With that said, I believe this is a enhancement that is greatly needed for the admin/mods, and a feature that will continue to make phpbb the best forum software out.
All ideas, questions, comments and constructive criticism is welcome.Thanks for your time
BobBob
