Forum QuickConnect Changing Passwords

Discussion and help relating to PlayerIO's QuickConnect feature, including Facebook Connect and Kongregate Connect.

Changing Passwords

Postby Seb135 » August 16th, 2021, 12:51 am

Hey, so a relatively recent change made it possible to change simpleuser passwords by using the username and password.

Previously, the only way to do this was via sending the user an email. Now, if someone can login, they can change the password. That's great and all (not really, sounds like it sucks for security - now someone only needs to guess a password, instead of a password and email combo), but it makes guest accounts practically impossible. Anyone can change the password of a guest account.

Why not a middle-ground?
Instead of emailing the user, which is really cumbersome, and instead of throwing away security, use the existing system but make it require knowing the email.
The documentation says that either the email or username is required. The entire purpose of this change was to allow people to change their own password if they didn't register with an email. It can still do that - but if the account has an email attached, the email should be required, not offered as an alternative.

This would also be a solution to the guest problem - I could simply give the account a random email. Everyone would be able to login with the username and password, but nobody would be able to change the password as they would not have the account's email.
Seb135
 
Posts: 1
Joined: May 4th, 2019, 11:56 am

Re: Changing Passwords

Postby atilla1 » August 18th, 2021, 5:21 am

atilla1
 
Posts: 5
Joined: September 7th, 2012, 9:48 pm


Return to QuickConnect



cron