Change password after clicking on reset link in email
-
- Registered User
- Posts: 523
- Joined: Sat Apr 22, 2006 10:29 pm
- Contact:
- Pony99CA
- Registered User
- Posts: 986
- Joined: Sun Feb 08, 2009 2:35 am
- Location: Hollister, CA
- Contact:
Re: Change password after clicking on reset link in email
Danielx64 wrote: Has anyone been to a site where you answer a question when you change your password? (to prevent bots from doing it)
Do you mean a CAPTCHA or a security question? CAPTCHAs can be verified automatically, but security questions are usually chosen by the user and would require new User Control Panel settings.
Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.
-
- Registered User
- Posts: 165
- Joined: Fri Apr 05, 2013 3:38 am
Re: Change password after clicking on reset link in email
Danielx64 wrote: Has anyone been to a site where you answer a question when you change your password? (to prevent bots from doing it)
That extra step is not gonna help and in fact it can be a pain. First of all, CAPTCHAs are not that hard for bots to crack nowadays. Also, since the activation email link is only gonna be emailed to the user's registered email address, bots can only do that for their accounts. I don't see a need for an additional question on that screen.
- Master_Cylinder
- Registered User
- Posts: 361
- Joined: Wed Jul 31, 2013 9:54 pm
Re: Change password after clicking on reset link in email
Some bots can also figure out some simple Q&A tests like 2+2 = ? Or what is the capital of X?
These kids today...
Buy them books, send them to school and what do they do?
They eat the paste.
Re: Change password after clicking on reset link in email
Master_Cylinder wrote: Some bots can also figure out some simple Q&A tests like 2+2 = ? Or what is the capital of X?
That's why you do not pick questions like that.
- Master_Cylinder
- Registered User
- Posts: 361
- Joined: Wed Jul 31, 2013 9:54 pm
Re: Change password after clicking on reset link in email
Master_Cylinder wrote: Some bots can also figure out some simple Q&A tests like 2+2 = ? Or what is the capital of X?
Danielx64 wrote: That's why you do not pick questions like that.
I don't but some people do. Doesn't change the fact that neither captcha nor Q&A are secure anymore.
These kids today...
Buy them books, send them to school and what do they do?
They eat the paste.
Re: Change password after clicking on reset link in email
Q&A is safe. Bad questions are not.
Having a Q&A with a question like "2+2" is like having a lock with the key in it. That doesn't make it a bad lock. The owner is just foolish.
Above message may contain errors in grammar, spelling or wrongly chosen words. This is because I'm not a native speaker. My apologies in advance.
- Master_Cylinder
- Registered User
- Posts: 361
- Joined: Wed Jul 31, 2013 9:54 pm
Re: Change password after clicking on reset link in email
You can't force admins into writing better Q&A questions, especially if they don't know better, so it's not safe. You can blame the admin but it still has potential issues. The better password recovery type Q&A systems even allow the user to write their own questions but there would be nothing to stop a user from writing a bad question there either.
Perhaps if phpBB came up with 10 decent "default" questions and allowed users to write their own as one of the options it would be safer, but there is still no guarantee that the user's email system hasn't been compromised either. I suppose specialty situations can just be dealt with manually by an admin.
These kids today...
Buy them books, send them to school and what do they do?
They eat the paste.
- Master_Cylinder
- Registered User
- Posts: 361
- Joined: Wed Jul 31, 2013 9:54 pm
Re: Change password after clicking on reset link in email
Danielx64 wrote: New way:
User forgets password -> requests new password -> clicks on link in email -> gets taken to a page where he can type in a new password -> logs in with new password.
I think that this is a better way than what https://area51.phpbb.com/phpBB/viewtopi ... 13&t=44919 was trying to do.
Did this get approved yet?
These kids today...
Buy them books, send them to school and what do they do?
They eat the paste.
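The reset flow quoted in the post above (request, emailed link, new-password page, login), as an added sketch that is not phpBB's code and was not posted by anyone in the thread. It shows the protection resting on the emailed token itself: random, stored only as a hash, expiring and single-use. The function names, the in-memory arrays standing in for database tables, and the one-hour lifetime are assumptions.

```php
<?php
// Added illustration; not phpBB code. All names here are hypothetical.
const RESET_TTL = 3600; // assumed lifetime of a reset link, in seconds

/** Step 1: the user requests a reset. Returns the token placed in the emailed link. */
function issue_reset_token(array &$store, int $user_id, int $now): string
{
    $token = bin2hex(random_bytes(32));        // 256 bits from the CSPRNG
    $store[$user_id] = [
        'hash'    => hash('sha256', $token),   // only the hash is kept server-side
        'expires' => $now + RESET_TTL,
    ];
    return $token;
}

/** Step 2: the user clicks the link and submits a new password. */
function redeem_reset_token(array &$store, array &$users, int $user_id,
                            string $token, string $new_password, int $now): bool
{
    $row = $store[$user_id] ?? null;
    if ($row === null) {
        return false;                          // never issued, or already used
    }
    if ($now > $row['expires']) {
        unset($store[$user_id]);               // expired links are discarded
        return false;
    }
    if (!hash_equals($row['hash'], hash('sha256', $token))) {
        return false;                          // constant-time compare; wrong token
    }
    unset($store[$user_id]);                   // single use: the link dies on success
    $users[$user_id] = password_hash($new_password, PASSWORD_DEFAULT);
    return true;
}

// Constructed walk-through: a wrong token, the real link, then a replay of it.
$store = [];
$users = [42 => password_hash('old-password', PASSWORD_DEFAULT)];
$now   = 1700000000;                           // constructed timestamp
$token = issue_reset_token($store, 42, $now);

var_dump(redeem_reset_token($store, $users, 42, 'guess', 'x', $now));
var_dump(redeem_reset_token($store, $users, 42, $token, 'new-password', $now + 60));
var_dump(redeem_reset_token($store, $users, 42, $token, 'again', $now + 120));
var_dump(password_verify('new-password', $users[42])); // step 3: login check
```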