(Suggestion) Extra security.

[EAF]

I was thinking about how people scam, then say they were 'Hacked'.

You could have it where if they login from a different IP then their registration IP, they have a security question that has to be a certain amount of characters ect.

Just a basic idea, could be morphed into something better.

 

[Mc. Donalds]

Yeah.

'I was hacked' - Uses proxy/VPN.
A security word that is made by you, and can never be changed and is hashed in the database.

Good idea!

 

[ireppgold_mybb_import12659]

Yeah.

'I was hacked' - Uses proxy/VPN.
A security word that is made by you, and can never be changed and is hashed in the database.

Good idea!

I agree, not hard to use a VPN.

 

[EAF]

I had an idea for safe trading as well, I'll make a thread in a bit.

 

[ireppgold_mybb_import12659]

Or you could just add it too this one?

After all, it's still extra security.

 

[EAF]

Or you could just add it too this one?

After all, it's still extra security.

It's something on a whole other level, I posted it, like I said, these are all basic ideas, and could be implemented with further modifications.

 

[Dusk_mybb_import13243]

You must also remember that someone could just DOX the user and get there security question answer from them.
That way, when they try to login from their IP, the question will pop up and they will know the answer.

That is why you should have a email and the password should never be used "anywhere" else.
Besides that fact, I like your idea on extra security. This one just lacks..."Security". Ha.


*EDIT*

If your going to say that the user should never tell/give away there security question then your right. But, that's why it's called social engineering. People can be tricked by others impersonating phone companies or "anything". Lots of users will make there security question, something easy. Such as favorite color or something that can be found on there facebook. -__-

 

[Relapse]

@[Dusk] I can just imagine how that goes

"Hello Sir this is Jagex calling to confirm your security answer on Runegear.net. We need to know this so we can make you a player moderator."

 

[Dusk_mybb_import13243]

Lol. It would be more like this.>Because a GOOD Social Engineer would look at the question before so let's say it's your uncle(died) birthday.

SEngineer: "Hello, I am calling from your internet service provider. We are trying to establish that you are a frequently paid user, so we may give you a $250 bonus!" "You have set a question on your account that relates to your uncle's birthday year. What is it?"

Victim: "I don't believe I set that question as my security question."

SEngineer: "That is what we have in our records, sir. Maybe, it was a previous question and our systems haven't updated, yet." "If you would like $250 off or given to you on the next month bill then answer the question, please."

Victim: "Uhm..well....1998"

SEngineer: *Trys year and Works* "That is correct and thanks for being a great customer!"

*FACEPALM*

 

[Relapse]

Most people here live with their parents so why would they get a call from their Internet service provider... And most people have caller ID and they wouldn't think a call from a private number or skype would be their internet service provider anyways.

And I highly doubt anybody would go through that much trouble to get a forum account unless they manage to get a staffs account.

Ya thats sure possible to happen but highly improbable. This is still a good idea to help peoples accounts from being stolen.

 

[Dusk_mybb_import13243]

It was a general idea. Would the example be better, if I used a gaming company?

 

[Relapse]

My point is anything CAN happen but this makes it a lot more secure. The chances of somebody going through all that trouble just to get your runegear account is slim to none.

 

[Dusk_mybb_import13243]

If The Elite adds this, he should make it optional to have this security question.
Because I don't agree with it unless more steps are made for it to be as secure as possible.

 

[Relapse]

I don't know why you wouldn't want it, its still something more than what we have now. It might not be the highest possible security but its a step in the right direction. Whatever floats your boat.

 

[Dusk_mybb_import13243]

Yeah. As long as it's an option then I think it should be added as well.

 

[Techno]

Technically if you get on a ratted laptop and log in from somewhere else, they might get it if they are smart. It's a good idea thought.