Hot Topic (More than 10 Replies) Username/Password (Read 5,021 times)
Captain John
Ex Member


Username/Password
Feb 9th, 2010 at 4:44am
  So many users complain about not being able to log in ... and it's usually hard to find out why to correct.
   Would like to see separate error messages for Login.
1.) Username not found, check spelling or try entering email address
2.) Username file corrupt, contact Administrator
3.) Password incorrect
  
OH Eng
Past Team Members
Documentation Team
Posts: 4,026
Location: Pensacola, Florida USA
Re: Username/Password
Reply #1 - Feb 9th, 2010 at 7:08am
Good idea.  Maybe add "email address not found" as an alternative to #1 if that's what the user tries to log in with.

« Last Edit: Feb 9th, 2010 at 7:09am by OH Eng »  

 
The Boy
Full Member
Posts: 339
Location: UK
Re: Username/Password
Reply #2 - Feb 12th, 2010 at 2:57pm
Uncomfortable with it specifically saying if it's username or password that's incorrect, as that gives more info to people trying to obtain details about other parties....
  
Matt Siegman
YaBB Legends (Inactive)
Posts: 3,380
Location: Wichita, KS
Re: Username/Password
Reply #3 - Mar 20th, 2010 at 11:24pm
TheBoy is correct. Failed logins really can only say "The username and password combination is not valid" or they risk opening up some nasty little holes.
  

-- Matt Siegman 8) Wish List
OH Eng
Past Team Members
Documentation Team
Posts: 4,026
Location: Pensacola, Florida USA
Re: Username/Password
Reply #4 - Mar 21st, 2010 at 1:30am
Well I can understand that.  But how about making a distinction in the forum's Error Log... bad username, bad password, bad email, etc. so when the forum Admin tries to figure out what the problem is, he knows which one is bad.  The information would only go back to the one user with that username/email/password, whereas the user getting the error might just see "Login Attempt Failed" or something like that?

  

 
Matt Siegman
YaBB Legends (Inactive)
Posts: 3,380
Location: Wichita, KS
Re: Username/Password
Reply #5 - Mar 21st, 2010 at 6:00am
That's a good idea.
  

-- Matt Siegman 8) Wish List
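
The split discussed in Replies #3 and #4 (one generic message for the user, the specific reason only in the admin error log), as an added Python example that is not part of the original thread and not YaBB code. The logger name, account store and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import logging
import os

# Single message shown for every failure, as suggested in Reply #3.
GENERIC_ERROR = "The username and password combination is not valid"
admin_log = logging.getLogger("forum.errorlog")  # hypothetical admin-only log


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_record(email, password):
    salt = os.urandom(16)
    return {"email": email, "salt": salt, "hash": hash_password(password, salt)}


# Constructed sample account store; a real forum would read its member files.
USERS = {"alice": make_record("alice@example.org", "correct horse")}
# Hashed when the identifier is unknown, so both failure paths do similar work.
DUMMY = make_record("", "placeholder")


def find_user(identifier):
    ident = identifier.strip().lower()
    for name, rec in USERS.items():
        if ident in (name, rec["email"]):
            return rec
    return None


def login(identifier, password, remote_ip):
    rec = find_user(identifier)
    target = rec or DUMMY
    matches = hmac.compare_digest(
        hash_password(password, target["salt"]), target["hash"])
    if rec is not None and matches:
        return True, "Login successful"
    if rec is not None:
        reason = "bad password"
    else:
        reason = "bad email" if "@" in identifier else "bad username"
    # The reason goes to the admin log only. %r escapes control characters
    # in the identifier; the submitted password is never logged.
    admin_log.warning("login failed reason=%s identifier=%r ip=%s",
                      reason, identifier, remote_ip)
    return False, GENERIC_ERROR
```

Users sometimes type their password into the username field, so the logged identifier can itself be sensitive and the error log needs the same access restrictions as the member data.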
Captain John
Ex Member


Re: Username/Password
Reply #6 - Mar 21st, 2010 at 4:47pm
We are trying to secure something that is no longer secured.
  With Guests allowed to view ..... the Display name of who posted/replied, Newest Member is ....
  Due to us allowing single users to influence us, we now allow the ability to log in using either username, email or "display name", hackers only need to figure out the password anyways.
  So why the need to worry about hiding the error of which is incorrect .... when the legit user is trying to log in with his username/pwd (the only things still invisible) ?
« Last Edit: Mar 21st, 2010 at 8:35pm by »  
Matt Siegman
YaBB Legends (Inactive)
Posts: 3,380
Location: Wichita, KS
Re: Username/Password
Reply #7 - Mar 21st, 2010 at 10:35pm
I don't intend to allow logging in with Display Name for YaBB 3. We will probably limit it to either username or email. We need to take security more seriously.
  

-- Matt Siegman 8) Wish List
cepheid
Senior Member
Posts: 516
Re: Username/Password
Reply #8 - Mar 22nd, 2010 at 11:25pm
Matt Siegman wrote on Mar 21st, 2010 at 10:35pm:
We need to take security more seriously.

Amen.  It's also time to ensure that any "cloaking" or "encryption" is done based on secret keys (as the captcha is done, now) and not hardcoded ones.  As it stands now, for this reason, "username cloaking" is of zero value even if Display Name login is disabled.
  
Captain John
Ex Member


Re: Username/Password
Reply #9 - Mar 23rd, 2010 at 3:52am
« Last Edit: Mar 23rd, 2010 at 3:59am by »  
Matt Siegman
YaBB Legends (Inactive)
Posts: 3,380
Location: Wichita, KS
Re: Username/Password
Reply #10 - Mar 23rd, 2010 at 11:09pm
Sorry, but BBS software is some of the most targeted software by hackers. We will be locking several things down, including logins.
  

-- Matt Siegman 8) Wish List