MyBB Community Forums

This is maybe a silly question or even seen as unnecessary.
But i have been wondering for a few days if it might be a good idea to have a login system like SW:TOR / GW (image on the bottom) has.

What i mean by that is not the authenticator stuff but the secret question stuff.

That system made you have like 4 or 5 filled in secret questions. And when you would login for the first time you needed to input an answer to one of the secret questions (which was randomly picked), or if you changed to another IP.
The nice part about such a system is the moment you logged in a few times with the same IP it would see that as your fixed IP. Which would mean the next time you logged in it would not ask for it again.
But when your IP changed it would ask for the answer to one of the secret questions again.

And i would really like such a feature, which would make hacking a site more difficult. If somebody tried to get into the admin CP they would need to have your password and the answer to all of your 4 or 5 secret questions. Ofcourse this should be supported for multiple admins, but i think such a feature would improve the protection of a site.

And for the people with a dynamic IP well you could still login, only you would have to remember the answers, write them down or something. Not that big of a deal if you ask me.

Would look something like this:

Login box.


Secret questions.


Options.


And yes i know it wont be fail safe nothing is in the end if they want to get in they will. But a simple (for the user) feature like this could reduce the chance of being hacked i feel.

Some additional information how SW:TOR does it: Link

Seems like a lot of clutter for not much benefit. Most forums aren't big companies like EA -- supporting this would be a nightmare.

Login systems need to be short and simple and not to long and complicated.SW:TOR / GW login system are preferct examples of advanced login systems where you need a little more information to login with a account that contains more then username.email and password (account on SW:TOR / GW / other paid systems contain first name,last name,date of birth,location,billing information and other important stuff).

(2012-04-24, 01:57 PM)Johnny S Wrote: [ -> ]Login systems need to be short and simple and not to long and complicated.SW:TOR / GW login system are preferct examples of advanced login systems where you need a little more information to login with a account that contains more then username.email and password (account on SW:TOR / GW / other paid systems contain first name,last name,date of birth,location,billing information and other important stuff).

Oh true, but i meant it purely for admins. Not for every other user on the forum. Just an extra layer of protection which would seem quite nice.

On the part of it being long and complicated, well you only have to input the information once. And you dont always have to input your secret question. Only when / if you would change IP.

Add i let the browser simply remember the password (on my own local computer that nobody else uses so). Then i cant really say it takes more then 1 click and maybe insert some answer to a secret question.

I actually agree with this. If the hacker somehow got your account password... then boom, he has admin control access.

At-least having a security question that can be defined the first time an admin signs into there admin control panel account would be a great feature.

There are plugins such as ACP PIN and SMAK that can do the trick.

(2012-04-24, 02:15 PM)Paul H. Wrote: [ -> ]There are plugins such as ACP PIN and SMAK that can do the trick.

Didnt know there where plugins for that. But something like that would indeed by nice to have as default in MyBB. Would be a nice security enhancement.