
Forums » Suggestions & Development Discussion » Simultaneous Log-Ins/Mobile App?

Kim Site Admin

The more I think about this, it sounds like super over-kill to me to make it memorize devices for a site this size, with this purpose.

But the concern that was voiced was over knowing if your password had been stolen or guessed by a third party. We don't actually need a list of devices for people to do their own sleuthing on that, we just need to know when the last few logins occurred. If they don't look like yours, you can log all other devices out. Is that a reasonable compromise?
I could live with that.

As for how the devices look: they get the name I give them. So FB asks me how I want to name the device the first time I use it.
Rubix wrote:
Sanne wrote:
That's really weird! I don't have an iPhone/iPad, so I don't know if this is default. Opera Mobile is pretty good about cookies though. :) If it's available for iOS it might be worth checking it out. Dolphin Browser is also good!

Sanne, silly, I'm a cube so anything I do is really weird!

For those using an iOS device and the Google Chrome browser: you can download the Chrome browser for your iOS devices and laptop or computer, and when you switch between them your password and login name are already saved. All you have to do is press login.
Kim Site Admin

Earendill wrote:
I could live with that.

As for how the devices look: they get the name I give them. So FB asks me how I want to name the device the first time I use it.

AH, that makes the most sense. Thanks.
Oaky Topic Starter

Wow, I honestly didn't expect it to be this complicated.

How about this:

We have a "Log out of other devices" button next to the "Remember Me" button on the login page? Easy, simple, and it makes it so that everyone's happy! We still have a way for people to log out of devices and feel safe (Sanne) and yet at the same time we have a way that we can maintain multiple log-ins!

Or maybe I'm just an idiot and spewing out totally weird ideas. :P

~Oaky
Kim Site Admin

Oaky wrote:
Wow, I honestly didn't expect it to be this complicated.

How about this:

We have a "Log out of other devices" button next to the "Remember Me" button on the login page? Easy, simple, and it makes it so that everyone's happy! We still have a way for people to log out of devices and feel safe (Sanne) and yet at the same time we have a way that we can maintain multiple log-ins!

Or maybe I'm just an idiot and spewing out totally weird ideas. :P

~Oaky

This almost happened once while I was in there working on related code, but I couldn't make it fit without having to expand the header. It felt cramped and cluttered and confusing when I saw it. Perhaps it's worth revisiting, though, to see if there's a way to make it work.

Another idea I had was that after logging in, the first page you saw would have a little welcome message and a link to log out other devices. If you didn't click it, the message would go away and you could proceed normally.

Options, options!

EDIT: This would also fail to address Sanne's main concern, which is that if someone has the option to login without logging her out, she wouldn't know that a thief was simultaneously using her account. With the current setup requiring a single device at all times, she would know instantly if someone else had gained access to her account and could take similarly fast action.

How realistic that concern is to come into play is still under debate, though.
Kim Site Admin

I'm still pondering this. Some of these solutions are more secure. Some are less secure. Some require more resources to implement than others. And some are just downright unlikely to realistically come into play.

Here are some facts to keep in mind that inform my thinking:
  • Nearly all the content you create on the site is immediately public, so someone getting access doesn't even get extra stuff to plagiarize.
  • No real big ticket items. The average purchase is $10.33.
  • Even though some things cost money, none of those things are transferable to other accounts once purchased. Other assets like characters are also non-transferable. Group admin status will be transferable by the end of the month, but will require you to re-enter your password. I imagine it is very hard to steal a group without a member noticing and reporting it.
  • The average stolen account in the past had less than $5 of store items on it, in most cases $0. Having Epic stuff doesn't seem to make people a target.
  • We don't store any credit card information.
  • We don't store addresses.
  • We don't store real names.
  • We can't be used as a login identity for other sites (like "login via Facebook").

There's actually only ONE thing of value stored on the site, and that's your email. Why is it valuable? Because nearly everyone uses the same password for everything. If someone manages to steal your password, for 99% of users, that means they can then log into your email. And via your email, access every single online account you've ever made, such as your PayPal account.

Every other site on the net also stores your email, so that doesn't make us stand out as a special target. As these things go, we're a relatively low risk environment. You can make it lower by making your email password different than any other password you use, difficult to guess, and long.

Based on the history of how accounts here have ACTUALLY been stolen, the best security measure we could put into place is requiring people to make sure their email passwords are really secure. Alas, it's out of my hands! I tweet periodic reminders about this because it is such a headache for everyone involved when an email account is stolen. I had one scheduled to go out tomorrow, as a matter of fact.

Since nearly every stolen RPR account has been because someone got access to the user's email, it makes me think that requiring device validation via email is not only annoying to legitimate users, in almost all cases it is utterly useless. Once a thief has control of your email address, they can validate anything they want.

The most realistic dangers that accounts here face, other than crappy email passwords, are 1) checking your PMs on a public computer (such as the library) and forgetting to log out when you go home, and 2) scripts or people that just sit there guessing passwords all day.

If you forget to log out of a public computer, anyone taking over your account does not know your password, they just sat down in your chair. The only real danger they pose is deleting things. The best defense against this is requiring passwords for deletions of important things, like entire characters (something that is planned). The link to log out other devices would allow you to correct your mistake when you discovered it, without inconveniencing those on multiple devices.

As for password guessing scripts, they could be blocked by requiring device validation, but again: We're very unlikely to become a target of a pro operation like that. You're more likely to have someone who knows you well guess your password if it's something simple like a Disney character or the name of your pet that you talk about all the time. Those types of guessing schemes can be dealt with by requiring revalidation via email only if someone screws up their login 4+ times in a row. Then you're probably either drunk typing and should go to bed, or someone is trying to make guesses. Implementing a count of how many failed logins in a row is very easy, would have the effect of alerting you immediately if something is up, does not inconvenience legit users, and protects you from someone guessing your password and then taking control of your email. (If they're the same. Which they shouldn't be. But statistically, probably are.)

TLDR version: At the present moment, the security measures that seem the most realistic and that best match our actual risk factors are:

1) requiring passwords for deleting characters, accounts and groups to protect users who forgot to log out of a public computer and
2) locking an account until the owner can revalidate it via email should there be a series of failed login attempts in a row.

This keeps accounts safe from the biggest risks that face them, while not inconveniencing users with multiple devices.

And for the love of Server, change your email password to be completely unique and difficult to guess.
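
An added example, not the site's code and not part of the post above: the two measures from the TLDR (password re-entry for deletions, lock until email revalidation after failed logins in a row) together with the "last few logins" list proposed earlier in the thread, in Python. The threshold of four comes from the post; the `Account` class, its method names, the five remembered logins and the PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import secrets
from collections import deque

MAX_FAILURES = 4    # "4+ times in a row", from the post
RECENT_LOGINS = 5   # assumed size of the "last few logins" list

def _hash(password, salt):
    # Iteration count is illustrative; tune it for the real server.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    def __init__(self, password):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = _hash(password, self.salt)
        self.failures = 0          # consecutive failed logins
        self.unlock_token = None   # set while locked; mailed to the owner
        self.recent_logins = deque(maxlen=RECENT_LOGINS)

    def _check(self, password):
        return hmac.compare_digest(self.pw_hash, _hash(password, self.salt))

    def login(self, password, when, source):
        if self.unlock_token is not None:
            return "locked"        # even the right password waits for revalidation
        if self._check(password):
            self.failures = 0      # only failures *in a row* count
            self.recent_logins.append((when, source))
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.unlock_token = secrets.token_urlsafe(32)  # goes out by email
            return "locked"
        return "bad_password"

    def revalidate(self, token):
        # Called from the link in the email; clears the lock and the counter.
        ok = self.unlock_token is not None and hmac.compare_digest(
            self.unlock_token.encode(), token.encode())
        if ok:
            self.unlock_token, self.failures = None, 0
        return ok

    def may_delete(self, password):
        # Deleting characters, accounts or groups: a live session is not
        # enough, the password is asked for again.
        return self.unlock_token is None and self._check(password)
```

Because anyone who knows a username can trigger the lock, the revalidation email should be the only cost the owner pays, and the message itself doubles as the alert that guessing is going on.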
You could always set a relatively high minimum password length, Kim. It's basic math that length > complexity when it comes to passwords. If your password is ilovemycatsnugglesbecauseitssosoft, like hell anyone is going to guess it unless you use that sentence every 5 seconds.

On a related note:
A short educational comic from xkcd.com!
Sanne Moderator

Kim wrote:
Implementing a count of how many failed logins in a row is very easy, would have the effect of alerting you immediately if something is up, does not inconvenience legit users, and protects you from someone guessing your password and then taking control of your email.

[...]

1) requiring passwords for deleting characters, accounts and groups to protect users who forgot to log out of a public computer and
2) locking an account until the owner can revalidate it via email should there be a series of failed login attempts in a row.

I like the sound of this. A lot. A list of what times you logged in last (max 25 or 50 entries?) and a red flag message when you're logged in and someone is trying to gain access but failing would be amazing. (That is what you're implying, right? <.<)
Kim Site Admin

Sanne wrote:
I like the sound of this. A lot. A list of what times you logged in last (max 25 or 50 entries?) and a red flag message when you're logged in and someone is trying to gain access but failing would be amazing. (That is what you're implying, right? <.<)

No, actually. I was trying to explain why some of these things were very unlikely to help and seemed an unjustifiable use of resources given how tightly they are stretched and how little "valuable" information we store on our servers. What I was proposing was just the list you quoted from me above. :)
