Password Security. Status: Will be added

Detailed Description:

Currently, when you forget your password, you can have your password e-mailed to the e-mail address you register under, or you can guess your secret answer to your secret question. When the secret question/secret answer method is used, there is no e-mail involvement at all--the password is shown on the screen when the correct answer is given. That means that if someone figured out the answer to the secret question, the account could be tampered with without the knowledge of the account owner.

I propose that when the secret question/secret answer method is used to reveal the forgotten password, an e-mail is also sent to the e-mail address for that account. That way, if someone unauthorized finds the password, measures can be taken to prevent some of the damage. The contents of the e-mail don't need to be anything more than a statement that the secret question/secret answer combination was used to reveal the password.

Several players have noticed anomalies in the past, ranging from relatively benign (e.g. messages read that hadn't been looked at yet) to outright malicious (e.g. sneak attacking corps owned by specific CEOs). Some of this tampering could be prevented by notifying the account owner by e-mail that their password has been retrieved by answering the secret question.

A yes vote is to add notification to the account owner when the secret question is answered. A no vote is to leave the password retrieval system as is.

45 gamers voted for the proposal.
5 gamers voted against the proposal.

The proposal has been ACCEPTED.

W3Creative reaction:

We agree. In fact, the password should be sent by mail only. Receiving a mail message when a break-in has already occurred may be too late as the password may have already been changed. We can also send an email when a break-in is attempted.
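
The recovery flow discussed above (nothing secret shown on screen, recovery material sent only to the registered address, and an e-mail on a failed attempt as well), as an added example that is not the game's or W3Creative's code. All names, the Outbox mail stand-in and the game.example host are hypothetical, and a one-time reset link stands in for mailing the stored password itself.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# The same reply is shown for right and wrong answers, so the screen leaks nothing.
SCREEN_REPLY = "If that answer was correct, instructions were sent to the registered e-mail address."

@dataclass
class Account:            # constructed sample record, not the game's schema
    email: str
    secret_answer: str    # assumption: a real system would keep only a salted hash

@dataclass
class Outbox:             # stand-in for the mail sender so the example runs offline
    sent: list = field(default_factory=list)

    def send(self, to, subject, body):
        self.sent.append({"to": to, "subject": subject, "body": body})

def _norm(answer: str) -> bytes:
    # Compare answers without regard to case or extra whitespace.
    return " ".join(answer.lower().split()).encode()

def new_reset_link() -> str:
    # Hypothetical one-time link on a placeholder host.
    return "https://game.example/reset/" + secrets.token_urlsafe(32)

def recover_by_secret_answer(account: Account, answer: str, outbox: Outbox) -> str:
    # Constant-time comparison; every outcome mails the registered address only.
    if hmac.compare_digest(_norm(answer), _norm(account.secret_answer)):
        outbox.send(account.email, "Password recovery was used",
                    "The secret question for your account was answered correctly.\n"
                    "Set a new password here: " + new_reset_link())
    else:
        outbox.send(account.email, "Failed password recovery attempt",
                    "Someone gave a wrong answer to your secret question. "
                    "If this was not you, change the question and answer.")
    return SCREEN_REPLY

if __name__ == "__main__":
    box = Outbox()
    acct = Account("ceo@example.com", "Blue Heron")   # constructed sample data
    print(recover_by_secret_answer(acct, "wrong guess", box))
    print(recover_by_secret_answer(acct, "  blue heron ", box))
    for mail in box.sent:
        print(mail["to"], "|", mail["subject"])
```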

