Are the security questions hard enough?

Technical problems, questions, comments, and suggestions for the forum and wiki.

PrincessPeach
Senior Member
Posts: 352
Joined: Sat Jun 28, 2014 1:36 pm
Diet: Vegan

Re: Are the security questions hard enough?

Post by PrincessPeach »

brimstoneSalad wrote:
I do, but those kinds of tricky questions make it more difficult for legitimate users to register. Many users complain about having to search for the right answer to a non-obvious security question.

Yes, it could be written in the site banner, or something (since I don't think the spammers usually load the whole site), but if they did load the page, that would make it very easy for them all the same AND still harder for users, because they don't always notice that, or the users could have accessibility issues (blind) and be unable to read the answer there.

It's a balancing act of difficulty for the bot, vs. difficulty for prospective users. I'd rather have to clean up spam now and then than make it hard for a real person to join. I think TVA would probably agree on that point.

Now, making them trickier for spammers but still easy for prospective users: that's the golden ticket.
We could ask questions that require the users to be particularly smart. It would stop stupid people from joining though. Maybe that's a good thing? I'm not sure.

What I definitely still want to do is make posting links impossible for new users, but we've had trouble adding phpBB extensions.


I doubt TVA wants to migrate anywhere, but I'll ask him to look into some site security. It may be needed soon if we keep growing.
It doesn't cost anything to make the switch & if you do make the switch then you could take advantage of what we have to offer, like internet security and my department, that you hear my blab about, INBOUND MARKETING! When you make the switch you get my help for free.

I know PHP ! :P

&& If you want to draw more traffic on to the site you have to add in the facebook integration application!

https://developers.facebook.com/products/social-plugins
https://developers.facebook.com/product ... hare-send/
https://developers.facebook.com/docs/re ... /php/4.0.0
Don't be a waste of molecules
User avatar
Red
Supporter
Supporter
Posts: 3952
Joined: Wed Jul 09, 2014 8:59 pm
Diet: Vegan
Location: To the Depths, in Degradation

Re: Are the security questions hard enough?

Post by Red »

If you ask me, the questions are kinda arbitrary.
Learning never exhausts the mind.
-Leonardo da Vinci
User avatar
brimstoneSalad
neither stone nor salad
Posts: 10332
Joined: Wed May 28, 2014 9:20 am
Diet: Vegan

Re: Are the security questions hard enough?

Post by brimstoneSalad »

RedAppleGP wrote:If you ask me, the questions are kinda arbitrary.
How do you mean?
User avatar
Red
Supporter
Supporter
Posts: 3952
Joined: Wed Jul 09, 2014 8:59 pm
Diet: Vegan
Location: To the Depths, in Degradation

Re: Are the security questions hard enough?

Post by Red »

brimstoneSalad wrote:
RedAppleGP wrote:If you ask me, the questions are kinda arbitrary.
How do you mean?
Take the "A form of animal cruelty where trained animals are used for entertainment" question as an example. There isn't just one form of animal cruelty that falls under this category, and I can name a few (Bullfighting, cock fighting, etc.). and it apples to a few others as well. And I'm not applying it to all the questions, only the ones that are in a simaler manner. And when I tried some some secruity questions like these, it tells me I'm wrong, when the answer I put is entirely plausible (if that makes any sense). Even if I used the word "arbitrary" incorrectly, I think you know what I mean.
Learning never exhausts the mind.
-Leonardo da Vinci
User avatar
TheVeganAtheist
Site Admin
Posts: 824
Joined: Sun May 04, 2014 9:39 am
Diet: Vegan
Location: Canada

Re: Are the security questions hard enough?

Post by TheVeganAtheist »

im not looking to migrate to a new host. Thanks for the offer. Could explain what SSL has to offer? How will it protect the forum? how will it stop spammers?
Do you find the forum to be quiet and inactive?
- Do your part by engaging in new and old topics
- Don't wait for others to start NEW topics, post one yourself
- Invite family, friends or critics
PrincessPeach
Senior Member
Posts: 352
Joined: Sat Jun 28, 2014 1:36 pm
Diet: Vegan

Re: Are the security questions hard enough?

Post by PrincessPeach »

TheVeganAtheist wrote:im not looking to migrate to a new host. Thanks for the offer. Could explain what SSL has to offer? How will it protect the forum? how will it stop spammers?
Well first off I should say with the security questions you should send an email verification with a "captcha code" to verify new users are human... That would be safer and less confusing.

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.



It's an encryption & there are different 'levels' of the encryption..

It's like having a third party ninja always watching-out after you..

SSL isn't my expertise & it's hard to understand...
Don't be a waste of molecules
User avatar
TheVeganAtheist
Site Admin
Posts: 824
Joined: Sun May 04, 2014 9:39 am
Diet: Vegan
Location: Canada

Re: Are the security questions hard enough?

Post by TheVeganAtheist »

PrincessPeach wrote:
TheVeganAtheist wrote:im not looking to migrate to a new host. Thanks for the offer. Could explain what SSL has to offer? How will it protect the forum? how will it stop spammers?
Well first off I should say with the security questions you should send an email verification with a "captcha code" to verify new users are human... That would be safer and less confusing.

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.



It's an encryption & there are different 'levels' of the encryption..

It's like having a third party ninja always watching-out after you..

SSL isn't my expertise & it's hard to understand...
how will this help with spammers? how is this useful for a forum?
Do you find the forum to be quiet and inactive?
- Do your part by engaging in new and old topics
- Don't wait for others to start NEW topics, post one yourself
- Invite family, friends or critics
knot
Master in Training
Posts: 538
Joined: Tue Apr 28, 2015 9:34 pm

Re: Are the security questions hard enough?

Post by knot »

TheVeganAtheist, enabling HTTPS will allow people to use the forum more safely.

As is, passwords and login names are just sent as plain text in the POST request, meaning anyone on the network can see them very easily. If you log into this forum on any kind of public network there's a high risk someone will get a hold of your login/password. The hacker could then log in and find that person's email, and things can potentially go south from there.

Most sites store their users' passwords as cryptographic hashes, not plain text. This way it's a lot harder for the hackers (but not impossible) to log in even if the users' passwords have been compromised.
User avatar
brimstoneSalad
neither stone nor salad
Posts: 10332
Joined: Wed May 28, 2014 9:20 am
Diet: Vegan

Re: Are the security questions hard enough?

Post by brimstoneSalad »

RedAppleGP

Please PM me the answers you tried that didn't work. I'll make sure to add them.

Many of the questions have more than 30 acceptable answers. Maybe you made a spelling mistake?
User avatar
TheVeganAtheist
Site Admin
Posts: 824
Joined: Sun May 04, 2014 9:39 am
Diet: Vegan
Location: Canada

Re: Are the security questions hard enough?

Post by TheVeganAtheist »

In case everyone didnt get the email, I have purchased the SSL for the forum and website.
Do you find the forum to be quiet and inactive?
- Do your part by engaging in new and old topics
- Don't wait for others to start NEW topics, post one yourself
- Invite family, friends or critics
Post Reply