1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[bd] Facebook-style Password 0.9

Mimics Facebook's 3-password feature

  1. xfrocks

    xfrocks Well-Known Member

    xfrocks submitted a new resource:

    [bd] Facebook-style Password (version 0.9) - Mimics Facebook's 3-password feature

    Read more about this resource...
     
    bogus likes this.
  2. Adam Howard

    Adam Howard Well-Known Member

    This doesn't seem to work :(

    User: Test-VB
    Password: james-bond-007-access
     
  3. Robbo

    Robbo Well-Known Member

    Concerns me that you don't actually know if it is secure...
     
  4. xfrocks

    xfrocks Well-Known Member

    JAMES-BOND-007-ACCESS works for me.

    You can view the source code if you want to.
     
  5. Robbo

    Robbo Well-Known Member

    It is secure. But the fact you didn't know worries me. You should know the ins and outs of security on PHP and XenForo...

    No idea why you have such terrible method names either? You don't need to prefix them with your add-on ID.

    Personally I would have done it different to you. On register I would have it do the stuff you are doing on login and I would have stored additional hashes for login to compare against. Might be harder that way and probably wrong, I'm not thinking too much about it.
     
  6. xfrocks

    xfrocks Well-Known Member

    What I mentioned in the description may be different from what you are thinking. I meant if the system accepts 3 passwords (instead of only 1), it may reduce the system's security (because it's easier to attack, brute force, etc.). Of course I know for a fact my implementation doesn't leave any back door/exploit open. About the names, I just don't want my add-on to conflict with any other add-ons now or in the future. I think it's good practice. Finally, there are many ways to achieve the same things with different trade-offs, your approach may not work with existing users + will need additional database field, etc. Life is full of choices :D
     
  7. Robbo

    Robbo Well-Known Member

    Yeah true. Well existing users would already know their password works :p And yes additional database but that wouldn't hit performance however would make the add-on more complex than it needs to be I guess.

    I suggest you remove the security thing from the description. If people are worried about brute forcing then they will know the risks of this and make the decision regardless.
     
  8. xfrocks

    xfrocks Well-Known Member

    Done! :D
     
  9. Adam Howard

    Adam Howard Well-Known Member

    I did something along the lines of

    JAMES-bond-007-access

    OR

    james-bond-007-ACCESS

    Upon further review... It seems to work "sometimes" ... Which is odd... But I guess that's still accepted-able ... It's odd though
     
  10. xfrocks

    xfrocks Well-Known Member

    It should work all the time. But if your password is like a mixture of text, number and symbol like that, just put the capslock on and it should work all the time!
     
    Adam Howard likes this.
  11. time

    time Active Member

    After you install this addon, site members often logout
     
  12. xfrocks

    xfrocks Well-Known Member

    Strange as this add-on is fairly simple and it doesn't touch anything other than the login form. Many members experienced that?
     

Share This Page