CodeIgniter Forums
suggestion for others working on user auth systems - Printable Version




suggestion for others working on user auth systems - El Forum - 07-27-2007

[eluser]jbowman[/eluser]
So, continuing on development of my own user system for my project(s), an idea hit me. I've added an extra field to my database, registration_email.

I doubt this is new, but it's not something I've seen in other projects out there, or at least, I didn't notice it.

The reason for this field is you now have a static reference point of who really signed up for that account. You can't defeat social engineering when it comes to account security. People share passwords and such, and occasionally people hijack those accounts. The first thing they are going to do is change the account email address. Once that's accomplished, there is no way for the user to retrieve the password. But if you add this field, then you have a reference. If the user comes complaining their account was stolen, you have a security question immediately available to you: what email address did you join the site using? You also could build your password retrieval functionality to take advantage of this, giving them the option to send a password reset link to the original email address, rather than the currently assigned one.
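
The registration_email idea from the post above, as an added example that is not part of the thread or of any CodeIgniter auth library: the field is written once at signup, the database refuses later changes to it, and the recovery code can offer it as a reset target or check a claimed address against it. The table layout, function names and sample addresses are assumptions made for illustration, and it uses PDO with an in-memory SQLite database so it runs on its own.

```php
<?php
// Added example: constructed schema and sample data, not code from the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    username TEXT UNIQUE NOT NULL,
    email TEXT NOT NULL,               -- current address, user-editable
    registration_email TEXT NOT NULL   -- address used at signup, never edited
)');
// Enforce "static" in the database, so no application code path can rewrite it.
$db->exec("CREATE TRIGGER registration_email_is_static
    BEFORE UPDATE OF registration_email ON users
    WHEN NEW.registration_email <> OLD.registration_email
    BEGIN SELECT RAISE(ABORT, 'registration_email is write-once'); END");

function register(PDO $db, string $username, string $email): void {
    // Both columns start out with the same value.
    $db->prepare('INSERT INTO users (username, email, registration_email)
                  VALUES (?, ?, ?)')->execute([$username, $email, $email]);
}

function change_email(PDO $db, string $username, string $newEmail): void {
    // Profile edits touch only the current address.
    $db->prepare('UPDATE users SET email = ? WHERE username = ?')
       ->execute([$newEmail, $username]);
}

function reset_targets(PDO $db, string $username): array {
    // Addresses a password reset link may be sent to (deduplicated).
    $stmt = $db->prepare('SELECT email, registration_email FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? [] : array_values(array_unique($row));
}

function matches_registration_email(PDO $db, string $username, string $claimed): bool {
    // Support-desk check: does the claimed signup address match the stored one?
    $stmt = $db->prepare('SELECT registration_email FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();
    return is_string($stored)
        && hash_equals(strtolower($stored), strtolower(trim($claimed)));
}

register($db, 'alice', 'alice@example.com');
change_email($db, 'alice', 'someone-else@example.net'); // address changed after signup
print_r(reset_targets($db, 'alice'));                   // both addresses are offered
var_dump(matches_registration_email($db, 'alice', 'Alice@Example.com'));
```

The signup mailbox can itself be abandoned or taken over, so a match on it is better treated as one recovery signal than as proof of ownership.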


suggestion for others working on user auth systems - El Forum - 07-27-2007

[eluser]danfreak[/eluser]
...it has been a feature of FreakAuth since the beginning ;-)

Dan