Quote:
Originally Posted by raymor
When we set up such a system for a webmaster who insisted on trying it,
we found that indeed people would keep giving out their passwords every time
one got caught if you do a "dumb" system like Frog has. So before promoting
such a thing we're waiting until we're done developing an intelligent
system that isn't open to this kind of abuse.
|
I have noticed that after the user has requested a new password be automatically emailed to them, there aren't any unauthorized people using that pass for several days. There are people attempting with the old pass, but not getting in.
Then a few days later maybe someone else will attempt to get in... but here is the best part, they still can't get in.
SB will let 4-5 completely different people in every single day as long as the member name is active.
How is that better?
Quote:
Originally Posted by raymor
Password mailed to member exists, but is currently lacking in intelligence,
it just emails new passwords like Phantom Frog does. We think that's a BAD
idea for most webmasters. We're currently developing a more intelligent
system as part of Strongbox 4.0, to be released soon.
Regarding geo-ip, as you may know, Strongbox was the first such system to
use any kind of geo-ip. Country based geo-ip seems to work quite well,
possibly better than Frog's assumption that the database can be trusted to be
more specific than that although the company who makes the database says
it's wrong as much as 40% of the time, depending on the region. However,
Frog's "feature" is great marketing since most webmasters don't realize it's
based on an admittedly inaccurate database, so in Strongbox 4.0 we're blending
both approaches. Whereas Frog RELIES on the database being more accurate
than its creators claim, Strongbox 4.0 will CONSIDER the more specific geo-ip
information ALONG WITH other factors including basic bio-metric indicators
which look at the person on the other side of the monitor.
|
The user has to request the pass be automatically emailed to them, it doesn't just get mailed out the moment it's been blocked.
Also about the accuracy of the Geoip DB, this is a quote straight from the geoip database site.
"Over 99% accurate on a country level, 85% accurate on a state level, 80% accurate for the US within a 25 mile radius."
That's slightly better than the 40% you claim.
Frog also does not only rely on geoip.
Quote:
Originally Posted by raymor
You are correct, with a typical Phantom Frog install all the user names would
be blocked. We think it's better if the paying customers are able to log in to
your site.
For example Phantom Frog is NORMALLY extremely strict. They normally
focus more than we do on trying to catch every compromised password the
first time, at the expense of accidentally blocking a lot more legitimate members.
There are a lot more than 40 words in our dictionary.
We use words rather than random characters because random
characters are really fucking annoying for the customer.
|
If a legit member is blocked they can very easily get a new password instantly to their email, resulting in the member staying happy.
SB can't block more because then you would have more people pissed they can't log in for hours and hours while they wait for the webmaster to reissue a new one for them. That is if they ask in the first place and don't just cancel their membership.
Automation is a good thing.
40.... 100 same difference. It's still a HUGE pain in the ass, and really fucking annoying for the customer.
I always find it odd in threads where it comes down to SB and PF you feel you need to bash PF more than just back up your own program.