General Question Encrypt
#1

(This post was last modified: 08-17-2016, 03:52 AM by wolfgang1983.)

Hello,

I am making a 2 level login option with questions for my 2 level if the user enables it.

However, if the user enables it, should the answers to the questions set by the user be encrypted?

And would the CI Encrypt class be sufficient enough?

Thank you
There's only one rule - please don't tell anyone to go and read the manual.  Sometimes the manual just SUCKS!
Reply
#2

No, with encryption the answers of the user can be retrieved if you know the encryption key. You should hash (and salt) the answers and compare the stored hash with the hash of the answer the user gives you during the login procedure.

I don't quite understand why you would ask a user for their password and then ask them to answer some questions. Why not integrate a real 2 factor login system like Google Authenticator? That way you are sure a user knows something (the password) and has something (his phone). Asking a user to know more than his username and password seems silly to me.
Reply
#3

Using security questions is so old style and indeed very unsafe.
It's fairly easy to answer the question if you know the person. That's why all those phishing attempts started to appear. Far easier to break a one word real world answer with a large enough dictionary.
That's what the Rosen tables were used for.

If you want to be real safe use Google's two-way approach instead.
On the package it said needs Windows 7 or better. So I installed Linux.
Reply
#4

Using security questions has become less safe. Two level logins are also not safe since the secret key can be encrypted easily. Hashing can be used as a safety method to complete the two level login.
Reply
#5

> I am making a 2 level login option with questions for my 2 level if the user enables it
Sounds good. Some people still like this approach.

> However, if the user enables it, should the answers to the questions set by the user be encrypted?
Yes - definitely.

> And would the CI Encrypt class be sufficient enough?
No, definitely not. Treat it like a password.

Best wishes,

Paul.
Reply
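Added example, not part of any post in this thread and not CodeIgniter's own code: one way to do what posts #2 and #5 describe, storing a salted hash of each answer and verifying it the way a password is verified. The function names and the normalisation policy (trim, collapse whitespace, lowercase) are assumptions made for illustration; the sample answers are constructed.

```php
<?php
// Hypothetical helpers for storing security-question answers as hashes.

/** Normalise so spacing and letter case do not cause false rejections (assumed policy). */
function normalise_answer(string $answer): string
{
    // preg_replace() returns null on invalid UTF-8; fall back to the trimmed input.
    $collapsed = preg_replace('/\s+/u', ' ', trim($answer)) ?? trim($answer);
    return mb_strtolower($collapsed, 'UTF-8');
}

/** Call when the user sets an answer; store only the returned string. */
function hash_answer(string $answer): string
{
    // password_hash() generates a random salt and embeds it, with the
    // algorithm and cost, in its output, so no separate salt column is needed.
    return password_hash(normalise_answer($answer), PASSWORD_DEFAULT);
}

/**
 * Call during login. Returns [bool $ok, ?string $upgradedHash].
 * $upgradedHash is non-null when the stored hash uses outdated parameters
 * and should be replaced in the database.
 */
function check_answer(string $given, string $storedHash): array
{
    if (!password_verify(normalise_answer($given), $storedHash)) {
        return [false, null];
    }
    $upgraded = password_needs_rehash($storedHash, PASSWORD_DEFAULT)
        ? hash_answer($given)
        : null;
    return [true, $upgraded];
}

// Constructed sample data.
$stored = hash_answer('  Mrs.  Robinson ');

// Same answer typed with different spacing and case.
[$ok] = check_answer('mrs. robinson', $stored);
var_dump($ok);

// A different answer.
[$ok] = check_answer('mr. robinson', $stored);
var_dump($ok);

// Hashing the same answer twice: each call uses a fresh salt, so the two
// stored values can be compared to see that identical answers do not collide.
var_dump(hash_answer('blue') === hash_answer('blue'));
```

Because the stored value cannot be reversed, the site can never display an answer back to the user; it can only be checked or reset.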



