Well, that is one of the huge problems a server could face. Those steps given above are awesome to prevent it but I also came up with a new idea.What I was thinking lately is that why not having PIN codes for accounts? You will be asked to give a PIN code while registering an Ingame account and there, you will be warned strictly that you cant change the PIN code once you have it.For this, people will have one and only one PIN code added either in your account data by setAccountData or into a new database. So when you lost your password, you gotta click "Forgot password" in login window and it will ask for your current e-mail and as well as your account PIN code. If both things are correct and matching the database/account data, you will be asked for new password.In my opinion, this PIN code system is better and the serial protection is also great. Here, few questions arise:What if I forgot my PIN code?- Thats your fault but if you prove it that you are NOT a hacker, you can inform Lx+ staff to change your code by /changepin account newPin command.If we can only set it on the time of registering, what about existing accounts?- On player login, if database/account data returns false value, player will be asked for PIN code, window will appear saying "Your account doesnt have any PIN code yet, to proceed playing, enter any PIN code two times." And here players will be strictly warned aswell that you cannot change your PIN code.What if a hacker contacts a staff to change my PIN?- For this purpose, if someone asks to change his PIN, staffs will inform them that I will change PIN after 7 days. So if real owner logs in in these days, he will see that his account hacked and he will easily recover it by PIN code.If the PIN system is not going to work, then the serial system is great option, I just gave my input.
Author
Topic: How did they get your password? (Read 11660 times)