(2010-01-15, 03:52 AM)NetSage Wrote: [ -> ]There are a few good password management programs now too .
Do you expect the average user to really have one? Also there's issues with using public computers too.
No, but if they have trouble remembering it's a good idea to get one
. And, I know that allows you manage them online (then you just need to remember 2 passwords so you can get to the rest
).
(2010-01-16, 07:11 AM)NetSage Wrote: [ -> ]No, but if they have trouble remembering it's a good idea to get one . And, I know that allows you manage them online (then you just need to remember 2 passwords so you can get to the rest ).
I don't think the average person even knows the existence of these things. Most will note the password down on a notebook or something. Not the most convenient, but probably a heck of a lot more convenient than your online solution.
In any case, not everyone bothers anyway.
(2010-01-14, 01:26 AM)labrocca Wrote: [ -> ]Just the fact someone lost their password defines them as incompetent.
(2010-01-14, 01:56 AM)labrocca Wrote: [ -> ]That makes them more incompetent.
Lol I couldn't agree more.
I think this "bad idea" can be use as security purpose (keep cookies)
- first, login as administrator. (remember the login/cookies)
- change with phpMyAdmin (or other script), "loginattempts" SQL value for administrator account to value bigger from failed login setting. Maybe 9999?
- thats it!
- your cookies are the key. Any other member access your admin panel/admin user from another computer or another browser (even at internet cafe) will not success to login. Except, the can reach and change SQL manually :lol:
And you can use your private PC safely with existing cookies.
I dont know, yet. How the member.php expired/reset the 9999 value? I am, too lazy reading hundreds of code
So, I think about modifying file admin/index.php?module=user/users&action=edit&uid= and add function/small code
update `mybb_users` set `loginattempts`='0' WHERE `username` = 'name'
on Admin User Editor