I like the sound of trev's idea.
I don't really even understand how adding a password recovery system based around a person's email address would compromise accounts in any way.
People currently have their own accounts, and if someone breaks into their account, they're screwed - they can change the password, and the person loses access to the account and cannot redeem the password.
If the password recovery system is based around someone's email, that's THEIR personal security and responsibility. All it would do is email a password reset, then email a new password if it was reset. If you wanted to change your email, you do that via email too. The only time that's problematic is if your email provider closes your account before you have time to change your email.
Granted, I don't know how security was breached or what they did or gained, but for the life of me I can't understand why a recovery system which works for just about every other MMO in the world wouldn't work here where theoretically even less is at stake.