problemma hacking accounts

[00Eleanor00]

rough sketch of protection against hacking accounts

[00Eleanor00]

(EN)

first, the login is checked and the database is checked whether the user is logged in. A hardware id verification is added to the database if the verification is correct and the client’s mark is equal to the offline value then skip the client if not then skip and enter the verification via the verification server of the email with a request to send a random code if hardware id does not match and send a warning to the email from the server that someone wants to enter and send a random confirmation code to confirm it in the client to make an agjax with the prohibition of inserting a password so that improve safety by reading from the cache copy requests to send over some test servers with different coded packet then no packet sniffer will not capture packets

(RU)

сначала идет логин и проверяется база данных вошел ли пользователь к этому добавляется верификация hardware id с базой данных если верификация правильная и пометка клиента равна значению офлайн тогда клиент пропустить если нет тогда не пропускать и ввести проверку через сервер верефикации эмейла с запросом на отправку рандомного кода если hardware id не совпадает и присылать на эмайл с сервера предупреждение что кто то хочет войти и выслать рандомный код подтверждения для его подтверждения в клиенте сделать аджакс с запретом вставки пароля что бы повысить уровень безопасности от считывания из кеша копирования запросы слать через несколько проверочных серверов с разными кодированными пакетами тогда никакие перехватчики пакетов не будут перехватывать пакет 

[Cindy Evanier]

7 minutes ago, 00Eleanor00 said:

rough sketch of protection against hacking accounts

Don't click dodgy looking links and put your password in

[LittleMe Jewell]

1 hour ago, 00Eleanor00 said:

rough sketch of protection against hacking accounts

 

59 minutes ago, 00Eleanor00 said:

(EN)

first, the login is checked and the database is checked whether the user is logged in. A hardware id verification is added to the database if the verification is correct and the client’s mark is equal to the offline value then skip the client if not then skip and enter the verification via the verification server of the email with a request to send a random code if hardware id does not match and send a warning to the email from the server that someone wants to enter and send a random confirmation code to confirm it in the client to make an agjax with the prohibition of inserting a password so that improve safety by reading from the cache copy requests to send over some test servers with different coded packet then no packet sniffer will not capture packets

 

Confused -- Are you asking a question or trying to give information?

 

Edited October 25, 2018 by LittleMe Jewell

[00Eleanor00]

Thanks for remark

Edited October 25, 2018 by 00Eleanor00

[Selene Gregoire]

On 10/25/2018 at 9:35 AM, 00Eleanor00 said:

send a warning to the email from the server that someone wants to enter and send a random confirmation code to confirm it in the client

This would be a really good way to kill SL. People are not going to want to have to verify every time they log into SL. Especially those who find it necessary to log in/out several times a day.

[bigmoe Whitfield]

On 11/9/2018 at 9:51 AM, Selene Gregoire said:

This would be a really good way to kill SL. People are not going to want to have to verify every time they log into SL. Especially those who find it necessary to log in/out several times a day.

I think a few big content creators would want it, since they have so much tied up in sl. 

[Drake1 Nightfire]

42 minutes ago, bigmoe Whitfield said:

I think a few big content creators would want it, since they have so much tied up in sl. 

So, every time we crash we have to enter a conformation code? Screw that. I log in and out 4 or 5 times a day... Thats crazy to implement. You think LL wants to code something like that? I can just picture a code error that sends thousands of emails to every user.. 

[Wulfie Reanimator]

8 hours ago, Drake1 Nightfire said:

So, every time we crash we have to enter a conformation code? Screw that. I log in and out 4 or 5 times a day... Thats crazy to implement. You think LL wants to code something like that? I can just picture a code error that sends thousands of emails to every user.. 

This kind of verification is EXTREMELY common and easy to implement these days. It doesn't have to be done on every login, the confirmation could only be done once per device and/or once every X hours/days.

[Drake1 Nightfire]

44 minutes ago, Wulfie Reanimator said:

This kind of verification is EXTREMELY common and easy to implement these days. It doesn't have to be done on every login, the confirmation could only be done once per device and/or once every X hours/days.

Most sites that i have seen with this use it every time you log in to the site. Its a pain in the butt, which is why I rarely use them. 

Whats the point? You have a secure password, don't you? Why do we need to enter a code?  The biggest protection against getting "hacked"(which doesn't and never has happened in SL, people log in to a bogus SL site.. Thats stupidity not hacking.) is not logging in your details to any bogus site. No one has had their account actually hacked through the LL servers. 

[Qie Niangao]

13 minutes ago, Drake1 Nightfire said:

Most sites that i have seen with this use it every time you log in to the site. Its a pain in the butt, which is why I rarely use them. 

I have never seen this, and every financial services and telecom company I deal with online uses a form of 2FA. Every one. It's completely transparent to me after the first exchange of credentials on a particular device. Done right, that is. If the multi-factor challenge is being presented more than once per device, somebody truly did not understand what they were doing, actually decreasing security in the process.

[Wulfie Reanimator]

29 minutes ago, Drake1 Nightfire said:

Most sites that i have seen with this use it every time you log in to the site. Its a pain in the butt, which is why I rarely use them. 

Whats the point? You have a secure password, don't you? Why do we need to enter a code?  The biggest protection against getting "hacked"(which doesn't and never has happened in SL, people log in to a bogus SL site.. Thats stupidity not hacking.) is not logging in your details to any bogus site. No one has had their account actually hacked through the LL servers. 

So you're saying "stupid people" deserve their accounts getting broken into? Now that is prime stupidity..

And that's not even the only way to have it happen. Using the same password on multiple sites and any one of those sites getting hacked (which DOES happen, and LL doesn't have any special immunity) puts all of your accounts at risk.

But I guess that just falls into stupidity in your books too, as well as getting a virus or man-in-the-middle attacks, or any possible way your password might be exposed.