Log-in authenticator

Registered User
Posts: 11
Joined: Tue Dec 30, 2008 6:16 pm

Log-in authenticator

Post by Wyatt7 » Sat Jul 13, 2013 9:47 pm

The idea I am proposing now has been used many times by websites like Steam, for instance.

Basically the idea is the following: When a user/admin attempts to log in for the first time after this feature is implemented, it will send an e-mail to the user's account that will have a special code that they have to use to log in. This code will be used to save the PC/browser to the authenticated list once they input the code into the appropriate box and submit it, and thus they will only have to use it once on the PC/browser they're logging in from. If they attempt to log in from a new PC, it will once again send an e-mail in order to add this PC/browser to the authenticated list.

This will improve account security for all users and will be a great addition in my opinion to the phpBB forum. I hope the idea is considered.




Google Summer of Code Student
Posts: 10
Joined: Sat Mar 31, 2012 11:01 pm
Name: Joseph Warner

Re: Log-in authenticator

Post by Hardolaf » Sun Jul 14, 2013 2:52 am

Most e-mails are sent over plain text; this would not significantly increase security.

QA Team
Posts: 418
Joined: Wed Jun 18, 2008 10:50 am

Re: Log-in authenticator

Post by brunoais » Sun Jul 14, 2013 8:37 am

Hardolaf wrote: Most e-mails are sent over plain text, this would not significantly increase security.
The security increase is achieved by the OOBC (Out Of Band Channel). The e-mail is a different channel than the page loading. So it does increase security by making the task more difficult for the attacker.
The main situation is that the actual security increase is small compared to the increase in complexity when logging in as it is now.
IMO, this is something that makes sense to place in phpBB but only as an extension or as a MOD.
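The flow proposed in the first post, as an added example that is not part of the thread and not phpBB code: a minimal Python sketch of e-mailed one-time codes that enrol a browser in a per-user trusted list. The class name, the `send_email` callback, the 10-minute lifetime and the 5-attempt limit are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 600     # assumed code lifetime in seconds
MAX_ATTEMPTS = 5   # assumed number of guesses allowed per code

class DeviceAuthenticator:
    """Hypothetical helper; call login() only after the password check passed."""

    def __init__(self, send_email, now=time.time):
        self.send_email = send_email  # callback(user, code): the out-of-band channel
        self.now = now
        self.pending = {}             # user -> [code_hash, expires_at, attempts_left]
        self.trusted = {}             # user -> set of hashed device tokens

    @staticmethod
    def _h(value):
        # Store only hashes, so a leaked table does not hand out usable tokens.
        return hashlib.sha256(value.encode()).hexdigest()

    def login(self, user, device_token=None):
        """Return 'ok' for a known browser, else e-mail a code and ask for it."""
        if device_token and self._h(device_token) in self.trusted.get(user, set()):
            return "ok"
        code = f"{secrets.randbelow(10**8):08d}"  # CSPRNG, not random.randint
        self.pending[user] = [self._h(code), self.now() + CODE_TTL, MAX_ATTEMPTS]
        self.send_email(user, code)
        return "code_required"

    def confirm(self, user, code):
        """Return a new device token (to set as a cookie) or None on failure."""
        entry = self.pending.get(user)
        if entry is None:
            return None
        code_hash, expires_at, attempts_left = entry
        if self.now() > expires_at or attempts_left <= 0:
            del self.pending[user]    # expired or guessed too often: start over
            return None
        entry[2] -= 1                 # every try costs an attempt
        if not hmac.compare_digest(code_hash, self._h(code)):
            return None
        del self.pending[user]        # a code is valid exactly once
        token = secrets.token_urlsafe(32)
        self.trusted.setdefault(user, set()).add(self._h(token))
        return token
```
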
