You could also make it a user choice. The Login form would show user name and password fields like today, but could also have a Send code via E-mail link that would implement this suggestion. Clicking the link in the E-mail would take the user to the password page with the user name filled in and the user would have to enter the code.
Codes should expire fairly quickly, too (no longer than 5 minutes, I'd say).
Steve
Login without password
Forum rules
Please do not post any "phpBB" specific topics here unless they do not fit into the category above.
Do not post bug reports, feature or support requests! No really... Do not post bug reports, feature or support requests! Doing so will make Bertie a very sad bear indeed. :(
Please do not post any "phpBB" specific topics here unless they do not fit into the category above.
Do not post bug reports, feature or support requests! No really... Do not post bug reports, feature or support requests! Doing so will make Bertie a very sad bear indeed. :(
- Pony99CA
- Registered User
- Posts: 986
- Joined: Sun Feb 08, 2009 2:35 am
- Location: Hollister, CA
- Contact:
Re: Login without password
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.
Re: Login without password
If someone has access to your email then they could use this to login to your account without your knowledge (just keep an eye on the inbox and when a code comes through (requested by the legitimate user) login with it) whereas with a password reset they have to change your password and the reset email is in your inbox notifying you that someone has compromised your account.
Formerly known as Unknown Bliss
No unsolicited PMs please except for quotes.psoTFX wrote: I went with Olympus because as I said to the teams ... "It's been one hell of a hill to climb"
Re: Login without password
MichaelC, I dont understand your point. If someone has access to my email, my whole online identity id done. He changes passwords everywhere and use my email as much as possible to benefit or harm me.
If somebody has access to my email now, he can reset password, delete email about reseting password and log in to forum. What is the difference?
If somebody has access to my email now, he can reset password, delete email about reseting password and log in to forum. What is the difference?
Re: Login without password
I've gone ahead and moved this to Chit Chat as it doesn't really pertain to phpBB's development.
Re: Login without password
If he has access to your email, the only way he could log onto the forums right now is by resetting your password. Doing so would mean that A) an email is sent to your email account B) You password changes both of which would notify you that your email AND forum account was compromised. If he had access to your email (and didn't change your email password) but instead just used this email login he could login to your forum account and unless he changed your email or forum passwords you'd be none the wiser. The only thing worse than a compromised account is an account that is compromised and you don't even know it is. A clever hacker won't change your email password as soon as they get into it.Kamahl19 wrote:MichaelC, I dont understand your point. If someone has access to my email, my whole online identity id done. He changes passwords everywhere and use my email as much as possible to benefit or harm me.
If somebody has access to my email now, he can reset password, delete email about reseting password and log in to forum. What is the difference?
Formerly known as Unknown Bliss
No unsolicited PMs please except for quotes.psoTFX wrote: I went with Olympus because as I said to the teams ... "It's been one hell of a hill to climb"