Referring to a userID is confusing because phpBB already has a user_id. Using the term login-name may be better.peopleopinion wrote:UserID
Reserved, used to login only. It MUST be different from the Nickname of course.
Wouldn't that make this change completely pointless since then an attacker wouldn't need to know the login-name in order to login they would simply use the username?John P wrote:... but it should be possible to login with userid or username(nick)
Passwords can't be recovered.peopleopinion wrote:if a user forgets a password (s)he could attempt a recovery
This increases crackers chances highly. Right now you have to know name and e-mail address. Knowing only one of both/three makes it even easier to get access once they own the e-mail account.peopleopinion wrote:with:
> The email address;
> The public Username|Nickname
> The reserved UserID
Thanks for this suggestion, I'll adopt this line.Oyabun1 wrote:Referring to a userID is confusing because phpBB already has a user_id. Using the term login-name may be better.
I don't agree with this because if it will be possible to use both to login my proposal becomes pointless.John P wrote:I really like this idea but it should be possible to login with userid or username(nick)
The term userid is not correct I think.
I don't agree neither with this because if someone gives his/her email address privately, or pubblicate it somewhere so it is not secreted, in this way my proposal becomes without sense too.callumacrae wrote: d) Why not just use the email address? It's not public, right? (or it shouldn't be)
Well... might be... but the security is improved... and anyway they have to write them just once just when they register, and they have to remember (or write) just the login and the pass that is two words like it is now: now they have to remember (or write) the nick and the pass, so there is not the need for users to use more "memory" in their "brain" than now because they will have two think to remember or write as now is.callumacrae wrote: b) People will just choose the same userID and nickname, and will get annoyed if you force them to be different
Sorry I'm ignorant in this matter what's that?callumacrae wrote: c) Textbook security through obscurity?
More or less yes: it multiply the security because login is secret like the pass and if a cracker tries to gain the access to an account (user or admin), the cracker has to multiply his/her resources and efforts. But to find the right combination of login and pass is pretty more difficult than to find just the pass if the login is the public username.AmigoJack wrote:This results in more or less two passwords: your login-only-but-nowhere-displayed-name is just a second password.
This is also true: login could be formed by two parts:AmigoJack wrote:This however still needs some kind of collision detection, since they need to be as unique as usernames.
Users browsing this forum: No registered users and 5 guests