2012-04-24, 12:18 PM
This is maybe a silly question or even seen as unnecessary.
But i have been wondering for a few days if it might be a good idea to have a login system like SW:TOR / GW (image on the bottom) has.
What i mean by that is not the authenticator stuff but the secret question stuff.
That system made you have like 4 or 5 filled in secret questions. And when you would login for the first time you needed to input an answer to one of the secret questions (which was randomly picked), or if you changed to another IP.
The nice part about such a system is the moment you logged in a few times with the same IP it would see that as your fixed IP. Which would mean the next time you logged in it would not ask for it again.
But when your IP changed it would ask for the answer to one of the secret questions again.
And i would really like such a feature, which would make hacking a site more difficult. If somebody tried to get into the admin CP they would need to have your password and the answer to all of your 4 or 5 secret questions. Ofcourse this should be supported for multiple admins, but i think such a feature would improve the protection of a site.
And for the people with a dynamic IP well you could still login, only you would have to remember the answers, write them down or something. Not that big of a deal if you ask me.
Would look something like this:
Login box.
Secret questions.
Options.
And yes i know it wont be fail safe nothing is in the end if they want to get in they will. But a simple (for the user) feature like this could reduce the chance of being hacked i feel.
Some additional information how SW:TOR does it: Link
But i have been wondering for a few days if it might be a good idea to have a login system like SW:TOR / GW (image on the bottom) has.
What i mean by that is not the authenticator stuff but the secret question stuff.
That system made you have like 4 or 5 filled in secret questions. And when you would login for the first time you needed to input an answer to one of the secret questions (which was randomly picked), or if you changed to another IP.
The nice part about such a system is the moment you logged in a few times with the same IP it would see that as your fixed IP. Which would mean the next time you logged in it would not ask for it again.
But when your IP changed it would ask for the answer to one of the secret questions again.
And i would really like such a feature, which would make hacking a site more difficult. If somebody tried to get into the admin CP they would need to have your password and the answer to all of your 4 or 5 secret questions. Ofcourse this should be supported for multiple admins, but i think such a feature would improve the protection of a site.
And for the people with a dynamic IP well you could still login, only you would have to remember the answers, write them down or something. Not that big of a deal if you ask me.
Would look something like this:
Login box.
Secret questions.
Options.
And yes i know it wont be fail safe nothing is in the end if they want to get in they will. But a simple (for the user) feature like this could reduce the chance of being hacked i feel.
Some additional information how SW:TOR does it: Link