ID:293499
 
I want to know is there a way to add a security question when retrieving your account password. Me and my brother share the same e-mail that created our accounts. This means he can get my password without my knowing. Even if I change my e-mail in manage account he can still send it to the original. So BYOND staff, can you add an update to somehow add a security question in manage account settings.
Sparda156 wrote:
I want to know is there a way to add a security question when retrieving your account password. Me and my brother share the same e-mail that created our accounts.

Wouldn't it be far better and easier if you just created two different email accounts (there are enough free providers out on the net)?
Sharing email accounts utterly kills the point of having an automated means of restoring accounts, and also utterly kills the security of said system for accounts that share an address. It is assumed in this day and age that because email addresses are so easy to come by, every person using BYOND should register under a unique address that belongs only to them. Indeed sharing an email address is not a good idea for a whole host of other reasons.

That's not to say such a security question feature couldn't be implemented, but I don't see any compelling reason why it should. Ultimately it can only make more work for the staff and create more ambiguous situations where it's hard to resolve who the real owner of an account is. If security is a concern to you, you should not under any circumstances be sharing an email box with another person--especially one you seem to distrust.

Lummox JR
In response to Lummox JR
Let me just add that I think a security question is a completely horrible idea from a security standpoint. As we saw in the last elections, security questions only bring a new vector of attack. They severely reduce security, and don't do anything the email method doesn't already do.

If you really want second-factor authentication, I recommend looking into Yubikey. It's a cheap solution and has a completely open system that allows BYOND to work in a "TNO" or Trust No One mode. There is also the "PPP" or perfect paper password solution, which offers the same feature, but is free and is a little harder to manage for the end user. Either of these methods could be used in a situation like this to prevent password reset without a Yubikey or the PPP sheet. PPP would be the best solution for BYOND, because it would be free and easy for the end user, but it isn't as foolproof as the Yubikey.

http://www.yubico.com/products/yubikey/
https://www.grc.com/ppp.htm
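
A sketch of the reset gate the last post describes, added here as an example and not part of the thread or of BYOND's code: a reset succeeds only when the e-mailed link and the next unused code from a printed sheet are both presented. The HMAC derivation is a simplified stand-in and is not GRC's PPP algorithm; `ResetGate`, `passcode`, `print_sheet` and the lockout limit are hypothetical names and values.

```python
import hashlib
import hmac
import secrets

ALPHABET = "23456789ABCDEFGHJKLMNPQRSTUVWXYZ"  # 32 symbols, look-alikes (0/O, 1/I) left out
CODE_LEN = 4
MAX_FAILURES = 5  # assumed lockout threshold; 32**4 codes make guessing impractical within it


def passcode(sheet_key: bytes, index: int) -> str:
    """One-time code at a sheet position (HMAC stand-in, not GRC's PPP cipher)."""
    digest = hmac.new(sheet_key, index.to_bytes(8, "big"), hashlib.sha256).digest()
    # 256 is a multiple of 32, so reducing a byte modulo 32 introduces no bias.
    return "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:CODE_LEN])


def print_sheet(sheet_key: bytes, start: int, count: int) -> list:
    """Codes the account owner prints and keeps away from the shared mailbox."""
    return [passcode(sheet_key, i) for i in range(start, start + count)]


class ResetGate:
    """Hypothetical per-account server state for password resets."""

    def __init__(self, sheet_key: bytes):
        self.sheet_key = sheet_key
        self.next_index = 0   # position of the next unused code
        self.failures = 0

    def challenge(self) -> int:
        """Sheet position the reset form asks the user to enter."""
        return self.next_index

    def allow_reset(self, email_link_ok: bool, code: str) -> bool:
        if self.failures >= MAX_FAILURES:
            return False  # locked until handled out of band
        expected = passcode(self.sheet_key, self.next_index)
        supplied = code.strip().upper()
        code_ok = hmac.compare_digest(expected.encode(), supplied.encode())
        if not (email_link_ok and code_ok):
            self.failures += 1
            return False
        self.next_index += 1  # burn the code so it cannot be replayed
        self.failures = 0
        return True


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # constructed sample key
    gate = ResetGate(key)
    print(gate.allow_reset(True, ""))      # mailbox access alone: False
    print(gate.allow_reset(True, print_sheet(key, 0, 1)[0]))  # link + sheet: True
```
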