12-12-2011, 03:57 AM
DWB
Quote:
Originally Posted by V_RocKs
They could start by making the username/password for the surfer. CCBILL has an admin function for this. Removes the ability to supply one by the surfer.

Why is this important?

Because if I hacked a web site... and I do mean hacked. Not cracked. And I got its password file and decrypted it. And this web site was for a solo model similar to Lil Candy... Then I might as well have Lil Candy's password file too. Because out of the 800 members in the other site, about 25 of them are currently active on Lil Candy.

Then add in form protection on the members login. That way at least it slows things down to people really desperate. Instead of being an always easily crackable site you go into the "a lot harder and therefore less of a target" group.
Random user/pass is good, but I had to remove it and allow them to choose their own because our support mails went through the roof with people who could not remember uTy65sGafd and wFr72Hgdts as their user/pass.

Ray has an add-on to Strongbox that I want to get myself, where their bot will spider the net looking for your passes and kill them.