MyBB Community Forums
Password recovery through mobile? - Printable Version

+- MyBB Community Forums (https://community.mybb.com)
+-- Forum: Community Archive (https://community.mybb.com/forum-106.html)
+--- Forum: Archived Forums (https://community.mybb.com/forum-143.html)
+---- Forum: Archived Development and Support (https://community.mybb.com/forum-155.html)
+----- Forum: MyBB 1.6 (https://community.mybb.com/forum-138.html)
+------ Forum: 1.6 Security Management and Support (https://community.mybb.com/forum-153.html)
+------ Thread: Password recovery through mobile? (/thread-146271.html)



Password recovery through mobile? - Doxer - 2013-10-05

Given it good thought. What if MyBB users could recover their accounts through mobile as an addition to recovery through email? These phone numbers could also be hidden from administrators in the ACP and possibly encrypted in the DB just like passwords are.

Give me your opinions below! Cool


RE: Password recovery through mobile? - Arbaz - 2013-10-07

Nice idea but too much coding I believe. Some people don't feel safe giving out their cell phone numbers either. The new 2-factor auth feature in 1.8 should make the accounts harder to compromise.


RE: Password recovery through mobile? - Josh H. - 2013-10-07

(2013-10-05, 06:25 PM)Doxer Wrote: Given it good thought. What if MyBB users could recover their accounts through mobile as an addition to recovery through email? These phone numbers could also be hidden from administrators in the ACP and possibly encrypted in the DB just like passwords are.

Give me your opinions below! Cool
It wouldn't work just like passwords. Passwords are one-way hashed and compared upon login. Phone numbers would need to be encrypted with something like key authentication, which as Arbaz said, would require a significant amount of code to implement.


RE: Password recovery through mobile? - Krytic - 2013-10-08

(2013-10-07, 03:06 AM)Arbaz Wrote: Nice idea but too much coding I believe. Some people don't feel safe giving out their cell phone numbers either. The new 2-factor auth feature in 1.8 should make the accounts harder to compromise.

Has 2 factor auth been confirmed? I thought the team was still discussing whether or not to do it based on it's feasibility.


RE: Password recovery through mobile? - Arbaz - 2013-10-08

(2013-10-08, 12:49 AM)Seabody Wrote:
(2013-10-07, 03:06 AM)Arbaz Wrote: Nice idea but too much coding I believe. Some people don't feel safe giving out their cell phone numbers either. The new 2-factor auth feature in 1.8 should make the accounts harder to compromise.

Has 2 factor auth been confirmed? I thought the team was still discussing whether or not to do it based on it's feasibility.

It's still pending (As far as I know from the Roadmap).


RE: Password recovery through mobile? - JordanMussi - 2013-10-11

The roadmap says that it's research.
Tomm M Wrote: RESEARCH: Security questions for forgot password/change email/password (is 2-factor auth possible?)

It would be good to have it implemented but it may be a bit of effort to code. A developer may have been looking into it in more detail...


RE: Password recovery through mobile? - Doxer - 2013-10-12

True I agree with you all, that a lot of coding would indeed be a factor. But hey, that's what development is all about. Anything to keep our accounts more secure would be well worth looking into, thanks MyBB team.


RE: Password recovery through mobile? - Stefan C. - 2013-10-12

(2013-10-05, 06:25 PM)Doxer Wrote: Given it good thought. What if MyBB users could recover their accounts through mobile as an addition to recovery through email? These phone numbers could also be hidden from administrators in the ACP and possibly encrypted in the DB just like passwords are.

Give me your opinions below! Cool

The passwords are not encrypted. They are hashed. Even if you were to 'hide' the passwords in the AdminCP, it would only be a matter of getting into the database and finding the encryption key and algorithm..