So the whole problem with passwords
This is by no means a perfect solution, but could anyone "in the know" give me a reasonable explanation why we can't reset passwords via email?
I mean, if everything is changed/confirmed via email, what can go wrong? It wouldn't be a security issue that eqemu had to deal with, because people's email security is their own issue + their isp/hotmail/yahoo's issue.
So for example, i've forgotten the password to one of my LS accounts. Got the other 2, but not the one i'd like. Now, if i could click "reset my password" for that particular account from where i log in to the eqemu site, eqemu emailed me and asked me to confirm a password reset, i reset it and bingo, i have a new reset password emailed to me.
If someone managed to break into my eqemu server account, they'd still have to break into my email account in order to change anything regarding eqemu, and if they break in there then that's completely not the responsibility of eqemu.
One problem i see with that solution is that if people can no longer access the email account they enter into eqemu, they can't change any of their account details. And perhaps there are other problems which would explain why this hasn't already been done. It's how many mmo's do it, isn't it?
|