Given it good thought. What if MyBB users could recover their accounts through mobile as an addition to recovery through email? These phone numbers could also be hidden from administrators in the ACP and possibly encrypted in the DB just like passwords are.
Give me your opinions below!
Nice idea but too much coding I believe. Some people don't feel safe giving out their cell phone numbers either. The new 2-factor auth feature in 1.8 should make the accounts harder to compromise.
(2013-10-05, 06:25 PM)Doxer Wrote: [ -> ]Given it good thought. What if MyBB users could recover their accounts through mobile as an addition to recovery through email? These phone numbers could also be hidden from administrators in the ACP and possibly encrypted in the DB just like passwords are.
Give me your opinions below!
It wouldn't work just like passwords. Passwords are one-way hashed and compared upon login. Phone numbers would need to be encrypted with something like key authentication, which as Arbaz said, would require a significant amount of code to implement.
(2013-10-07, 03:06 AM)Arbaz Wrote: [ -> ]Nice idea but too much coding I believe. Some people don't feel safe giving out their cell phone numbers either. The new 2-factor auth feature in 1.8 should make the accounts harder to compromise.
Has 2 factor auth been confirmed? I thought the team was still discussing whether or not to do it based on it's feasibility.
(2013-10-08, 12:49 AM)Seabody Wrote: [ -> ] (2013-10-07, 03:06 AM)Arbaz Wrote: [ -> ]Nice idea but too much coding I believe. Some people don't feel safe giving out their cell phone numbers either. The new 2-factor auth feature in 1.8 should make the accounts harder to compromise.
Has 2 factor auth been confirmed? I thought the team was still discussing whether or not to do it based on it's feasibility.
It's still pending (As far as I know from the Roadmap).
The roadmap says that it's research.
Tomm M Wrote: [ -> ]RESEARCH: Security questions for forgot password/change email/password (is 2-factor auth possible?)
It would be good to have it implemented but it may be a bit of effort to code. A developer may have been looking into it in more detail...
True I agree with you all, that a lot of coding would indeed be a factor. But hey, that's what development is all about. Anything to keep our accounts more secure would be well worth looking into, thanks MyBB team.
(2013-10-05, 06:25 PM)Doxer Wrote: [ -> ]Given it good thought. What if MyBB users could recover their accounts through mobile as an addition to recovery through email? These phone numbers could also be hidden from administrators in the ACP and possibly encrypted in the DB just like passwords are.
Give me your opinions below!
The passwords are not encrypted. They are hashed. Even if you were to 'hide' the passwords in the AdminCP, it would only be a matter of getting into the database and finding the encryption key and algorithm..