7 replies to this topic

[Perkamentus]

What is your suggestion?:

I would like to suggest a new security practice for when using your account in-game/forum!

The reason here fore is that you're required to change your password every 90-days! But this causes more problems than resolving in my opinion!
Since you need to change your password It keeps hard to keep track of your current PSW even if you use an PSW manager like Google and/or LastPass or such.

Also when requesting a new password, there isn't an email send to the inbox (and/or Spam) to the attached email of the account.

I therefore would like to suggest to use instead Authentication methods through: Google, Facebook, Discords and etc.
This way users can easily login as well by using these Socials alongside the default login method and perhaps makes this easier?
 

Is this in OSRS?:

N/A

Has this suggestion been accepted already?:

N/A

How would this benefit Alora?:

In the way that it makes it more easier to access your user accounts and/or maintain it.
as well as actually receiving an email when requesting a Password Reset

[J boogs]

I don't see the issue with this security step. Normally what I will do is change my password with one less character then change it right back to my original password.

 

Yes it's annoying but I feel having this in place can be night and day for somethings account staying protected. 

[Moe]

@Perkamentus We will not be removing this security feature, as it's a safety for the players who refuse to use 2FA (their accounts are more likely to get hacked, as they use the same password for multiple servers that have database leaks).

 

I won't decline the suggestion, in case Omicron would like to add the social media step.

[Perkamentus]

Thank you for responding regarding this suggestion.

 

I want to make myself more clear about the 90-Days PSW change... I personally don't see this as an certain issue,
but more as something that should be made optional like the socials I suggested, instead of being forced as an default security practice.
I don't want to combat this practices since I know this is almost fundamental in keeping user safe, and this suggestion is more aiming at discussing the possibilities for making this even more easier.

I hope this has given enough clarity about my opinion about this :)

 

@Perkamentus We will not be removing this security feature, as it's a safety for the players who refuse to use 2FA (their accounts are more likely to get hacked, as they use the same password for multiple servers that have database leaks).

 

I won't decline the suggestion, in case Omicron would like to add the social media step.

[Ivy]

I’m not going to repeat what @Moe and @J boogs have said as they’re get straight to the point.

No support

[Luka Doncic]

I feel like most people cycle between 2-3 PW's since you can change back to recent ones. 

 

No support

[Tungus]

Security set-up is qwuite good

[H]

Your suggestion has been declined, if you feel this was wrongfully done please contact a Forum Moderator+.