Anope IRC Services

Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: [1]   Go Down

Author Topic: /ns sendpass <nick> <email>  (Read 6746 times)

0 Members and 1 Guest are viewing this topic.

Obi Wan

  • Anope User
  • Offline Offline
  • Posts: 6
/ns sendpass <nick> <email>
« on: July 25, 2009, 04:16:29 PM »

I thought about something. I'm used to it from other services that if you want to use sendpass you will have to use /ns sendpass <nick> <email>. Services would then check if the email address corresponds correctly to the given nickname and then sends out the password (or sends out a new password for that user account)

I think that would be a very good function for users who have forgotten their password. The reason I'm starting this is that some of my users quite often forget their passwords and now they would first have to identify to do a sendpass on their nick which makes the function currently as it is quite useless.

Thanks
Logged

Darth Panda

  • Anope User
  • Offline Offline
  • Posts: 33
    • Cheap Software
Re: /ns sendpass <nick> <email>
« Reply #1 on: July 26, 2009, 02:36:53 PM »

I'm always very fond of the "human element" when it comes to these kinds of things. While I'm not opposed to this idea, I'd like to think that having your staff talk to the user in question and ask them verifying questions like "what's the email address that you registered with?" and checking Nickserv's ACCESS list to see if the host they are from even matches something on the list and ask questions about their nick and their channel access and see if the information that is received matches the info on file that is not displayed to the public. That'll give you an idea as if this is the real owner or not. Since email isn't generally encrypted when it's sent from services you are broadcasting passwords in plain text as well as possibly sending the password to someone that has hijacked this users email account and now what into their IRC account as well. SENDPASS to me is taking a users password and throwing it blindly at a target and hoping the correct person catches it.

Many hackers use social engineering to get users to share personal information, there is no reason your staff can't do the same. Then after they are comfortable that they are talking to the real owner, set a new password for them. Some admins will not like this approach because their staff will actually have to do something constructive to earn their O:Line on their tiny network since in today's IRC software everything seems to be automated.
« Last Edit: July 26, 2009, 02:41:47 PM by Darth Panda »
Logged
Some things just don't need to be fixed.
Less is usually more.
One meets his destiny often on the road he takes to avoid it.

Obi Wan

  • Anope User
  • Offline Offline
  • Posts: 6
Re: /ns sendpass <nick> <email>
« Reply #2 on: July 26, 2009, 03:02:28 PM »

The think I actually thought of, as I said on irc yesterday, currently sendpass just won't have any use  however it could be enhanced to make it a usable function. Maybe completely rewrite it or something. I just think services should have a "I forgot my password" function. Maybe reset the password into something random like a forum does it or something like that.
Logged
Pages: [1]   Go Up