Quote:
Originally Posted by Rogean
The reason the loginserver accounts were kept seperate is because with forum software involved and when this entire system was set up, SQL Injections into forum software was a common occurance. In order to protect the game accounts, they were kept seperate for that reason, neither having any more power to reset the other.
We also have to consider the fact that theres still a compromised database from 2007 floating around somewhere. They haven't been able to do damage to loginserver accounts with that unless people were stupid enough to make their passwords the same. Opening up the option for forum accounts to reset loginserver accounts would be bad times for anyone who hasn't changed their forum password yet.
|
Why keep this feature out because people refuse to change their password after 4 years? You could post a notice on here and get all the popular servers to do the same and if folks still don't do it it's up to them. It's incredibly frustrating for legit users to not have access to their accounts because there's no way to retrieve a forgotten password.
Why not just prompt users on login to set a secret question / answer and slowly migrate everyone over?