Logins
Hazmatt_(The Underdog), Tue Feb 14 2006, 08:08AMWill the login always require the member to enter the 6 digit number as well as username and password?
Re: Logins
HV Enthusiast, Tue Feb 14 2006, 12:54PM
Probably. But its not a big deal. If you keep your cookies, and select FOREVER for login, you never have to relogin unless of course you use different computers all the time (i.e. library, school, etc...)
HV Enthusiast, Tue Feb 14 2006, 12:54PM
Probably. But its not a big deal. If you keep your cookies, and select FOREVER for login, you never have to relogin unless of course you use different computers all the time (i.e. library, school, etc...)
Re: Logins
FastMHz, Sun Feb 19 2006, 06:47PM
My .02: I'd like to vote that the number entering step for login be removed. There are those of us who have cookies, etc cleared automatically for security reasons. Having a number verification for registering as a user is fine and prevents automatic signups...but what does forcing already regged users to enter this number help with security wise? I like to use my Opera Wand to log in without entering anything.
FastMHz, Sun Feb 19 2006, 06:47PM
My .02: I'd like to vote that the number entering step for login be removed. There are those of us who have cookies, etc cleared automatically for security reasons. Having a number verification for registering as a user is fine and prevents automatic signups...but what does forcing already regged users to enter this number help with security wise? I like to use my Opera Wand to log in without entering anything.
Re: Logins
Alfons, Sun Feb 19 2006, 08:22PM
Yeah, I too think it's quite useless to 'secure' a log-in procedure.
Alfons, Sun Feb 19 2006, 08:22PM
FastMHz wrote ...
My .02: I'd like to vote that the number entering step for login be removed. There are those of us who have cookies, etc cleared automatically for security reasons. Having a number verification for registering as a user is fine and prevents automatic signups...but what does forcing already regged users to enter this number help with security wise? I like to use my Opera Wand to log in without entering anything.
My .02: I'd like to vote that the number entering step for login be removed. There are those of us who have cookies, etc cleared automatically for security reasons. Having a number verification for registering as a user is fine and prevents automatic signups...but what does forcing already regged users to enter this number help with security wise? I like to use my Opera Wand to log in without entering anything.
Yeah, I too think it's quite useless to 'secure' a log-in procedure.
Re: Logins
Alex, Sun Feb 19 2006, 08:45PM
That would be to prevent bots from attempting to guess login usernames and passwords.
Alex, Sun Feb 19 2006, 08:45PM
That would be to prevent bots from attempting to guess login usernames and passwords.
Re: Logins
Alfons, Sun Feb 19 2006, 09:02PM
I understand the problem, but which bot would like to log into a HV forum
and by the way; could a bot do much harm? (maybe posting spam or something)
Alfons, Sun Feb 19 2006, 09:02PM
Alex wrote ...
That would be to prevent bots from attempting to guess login usernames and passwords.
That would be to prevent bots from attempting to guess login usernames and passwords.
I understand the problem, but which bot would like to log into a HV forum
and by the way; could a bot do much harm? (maybe posting spam or something)Re: Logins
FastMHz, Sun Feb 19 2006, 11:19PM
I think the mods should remove the number entry step and see if there is a bot problem...if so, put it back and we would all understand. This is the only forum on the web that I visit that requires this extra code entry.
FastMHz, Sun Feb 19 2006, 11:19PM
I think the mods should remove the number entry step and see if there is a bot problem...if so, put it back and we would all understand. This is the only forum on the web that I visit that requires this extra code entry.
Re: Logins
Chris Russell, Mon Feb 20 2006, 02:31AM
At the moment, it is needed. Otherwise it is a fairly simple matter for a bot to grab the memberlist and try frequently used passwords on each one. It also makes it fairly hard to try to brute-force someone's password, as has happened before. One clever person in the past wrote a script to try to guess my password. In order to evade automatic detection, it only guessed once a second or so, and used as many different IPs as possible by using all sorts of proxies. Ultimately, the result was failure, but they were able to cover a lot of passwords before I was able to figure out something was up.
I don't see how it's that much work, anyhow. Just typing up this post has taken a great deal of thought and time. Reading and writing a six digit number would seem to be relatively inconsequentual, especially if you've already got a completion wizard of some sort filling out the username and password.
Chris Russell, Mon Feb 20 2006, 02:31AM
At the moment, it is needed. Otherwise it is a fairly simple matter for a bot to grab the memberlist and try frequently used passwords on each one. It also makes it fairly hard to try to brute-force someone's password, as has happened before. One clever person in the past wrote a script to try to guess my password. In order to evade automatic detection, it only guessed once a second or so, and used as many different IPs as possible by using all sorts of proxies. Ultimately, the result was failure, but they were able to cover a lot of passwords before I was able to figure out something was up.
I don't see how it's that much work, anyhow. Just typing up this post has taken a great deal of thought and time. Reading and writing a six digit number would seem to be relatively inconsequentual, especially if you've already got a completion wizard of some sort filling out the username and password.
Re: Logins
FastMHz, Mon Feb 20 2006, 09:14PM
Ok, sounds good then...I just didn't realize there were that many attempts (or any, for that matter) to break into the system. Keep up the good work.
FastMHz, Mon Feb 20 2006, 09:14PM
Ok, sounds good then...I just didn't realize there were that many attempts (or any, for that matter) to break into the system. Keep up the good work.
Print this page