Some sort of hacking prevention system.

Perhaps the arenanet solution would be good.
Every time you log in, if the IP doesn't fit a DB of previous IPs, then it sends an email with a confirmation link. It also lets you set the IP as a temporary one say if you're somewhere public.
Shouldn't be too hard to implement, and while it won't stop all hackings it would stop the sythe acc resale hacks of older accs

 

Because 50% of my sythe posts are made from my mobile, it would be entered for me most days. Would it remember I.P's?

 

Not a terrible idea, email confirmation could be a simpler alternative that could be looked at.

I don't see why it shouldn't. Also it would be an optional security feature so if you didn't want it you could just not activate it.

 

And the rest of sythe? lol.

 

Exactly..once the system is built it could just be implemented for everyone. I don't know much about hosting forums but it shouldn't take too much..

If it will be too hard on the server or something possible for $25+ donators?

 

Made a suggestion about this once over here.

Thread died after a few days, hopefully this one will stay up as there's many supporters for sms verification with normal users.

Cheers!

 

What...How does having a mini rank matter lol.

I don't support anyway. As a normal user, having to verify via email, or answer certain questions would just act as a negating factor and would deter me personally from logging in. I can see why it would be important for OMM/Staff/Ex-Mod's; however I don't see this being implemented.

One thing that may prove beneficial if users were given a choice within their UserCP, which allowed them to turn on and off extra security login features, such as Email/Questions. If that user feels the need for the extra security features, then they can decide themselves.

 

You know that most wont do it, Also is it really so hard to put like a 4 digit number you choose yourself next to your password when you try to log in from a different IP? It takes like 0 afford and it's a great way to prevent hackings.

 

We've actually looked in to this in the past. 2-step verification is a difficult system to set up. We have it in place for staff right now, but with the current system we use the price goes up as you add more users. With 300,000+ users, this isn't really a viable option.

There's also the issue of whether or not people have access to/want to link their cell/mobile with Sythe.

An IP-based lockout system would be a pain in the ass for some people. Maybe having them answer a secret question and click a verification link via e-mail when a new IP is detected and then enabling users to create and monitor their own 'whitelist' could be the way to go? I don't know - you tell me!

 

Yes you only need to verify and IP once. It's not that when you log in on school it asks for verification. Then come back some day and you have to do it again. The Idea of a white list is nice I really like that.

It doesn't have to be for everyone of course. Maybe from a certain join date or post count or donor rank/vouches?

 

I support this. If we could have something which operates like JAG where we can verify multiple ways, this could not only increase our own account security but, if you think about it, we could implement a system like this to tone down scamming.

 

I think if we're going to roll something like that out then we can't just keep it exclusive to certain users. I understand there's this desire to be a special snowflake, but if that means compromised security for others... pah.

 

maybe add it as an optional part?
like you can enter 2/3 secret questions and answers and a mobile phone number, when you have set the secret question, there's no way to change it, but when you have forgot it, you could set new ones when you get a pin sented to your mobile phone

and you would need this secret answers if you want to change ur password

 

Hmm.. 300000 members on Sythe, If you'd were to make it available for everyone on Sythe that'd be let's say 50k people that will actually use it? Not even. I don't see that happen.. But I'm not sure how hard this will be for the sever I really have no clue.. I don't think it'll be too hard to make/ handle...

 

The problem is huge, double passwords or something may fix it

 

A cell/mobile phone system isn't even necessary. The white list seems like a good idea. Just something as simple as a pin number verification or an email would be sufficient.

I'm pretty sure that someone explained this above me, but would setting a 4 digit pin that would only be entered if you sign in with an ip that you haven't approved really be that difficult for you? I agree with the second that you said though, it would be nice if it could be turned on or off.


to admins: Also if all of this would be too hard to implement, an optional email saying that someone has accessed your account from x ip might be beneficial.

 

Yes, because they're really going to release the I.P to you.

 

Wouldn't this big a pain in the ass for people with a dynamic IP?

 

That's why you can turn it on or off.

 

Don't be a smart ass, it could just say an unrecognized ip.