I think adding IP logging into the user panel would be a wonderful idea, seeing it as, we don't know who accesses our account.
That or creating a session that does the following:
User agent + IP to secure a session.
and
When user agent/IP is changed and you want to access the account, you need to re-enable the account with that info from clicking a link from mybb too your email!
That's quite difficult with the core as MyBB's session system works completly different. However I've already coded a
Session Manager Plugin. But I doubt that it'll be included in the core.
(2014-12-19, 07:37 AM)Jones H Wrote: [ -> ]That's quite difficult with the core as MyBB's session system works completly different. However I've already coded a Session Manager Plugin. But I doubt that it'll be included in the core.
Yep I understand I just figure it would be a lot more safe, maybe I should put this in 2.0?
Its more safe to have more info stored then nothing at all! The only issue with this I see is that people can grab the useragent and spoof them. So you would almost have to have like a second backup plan such as a 2 step confirmation thing. Possibly adding a secret pass only the user would know!
So it would be:
Check User Agent + IP
Send Email
Secret Pass
Then Access!
Will this be foul proof? Well not 100% but its more safe then just a password!
I've also developed a 2FA plugin
And it'll likely also be a part of the core in 1.8.4 (at least for the ACP).
As 2.0 is a complete rewrite it should be possible to include it there.
(2014-12-19, 08:37 PM)Jones H Wrote: [ -> ]I've also developed a 2FA plugin And it'll likely also be a part of the core in 1.8.4 (at least for the ACP).
As 2.0 is a complete rewrite it should be possible to include it there.
Okay! I will be looking forword too it
