[IRCServices] Suggestion

Georges Berscheid Georges at berscheid.lu
Mon Mar 19 00:23:01 PST 2001


Hi,

> Each time a nickname is registered, a nick gets an authentication code, a
> la dalnet, which cannot be changed, and which is not shown. Thi code is
> emailed to the address given with the register command.  After that, the
> person has to issue /nickserv AUTH <code> within some services.conf days,
> or the registration will expire. If people claim to have lost their
> passwords, but can prove that they have the authentication code, because
> it was emailed to them, a services oper can issue /nickserv GETAUTH nick,
> and check the real authentication code against the given, if they match,
> it is highly possible that the person is the real owner, so
> sendpass/getpass can be issued.

Why don't you just email the password to them when they register, so they
can look it up if they forget it. If they lose the EMail as well, they will
lose the AUTH EMail too. So your (in my eyes, quite complicated system of 2
passwords) becomes obsolete.
I don't really see the use of this system. You can do whatever you want, but
you'll never be able to eliminate the stupidness of the users ;-)
You could even force passwords to contain numbers or special chars if you
want a higher security level.

Greetings

Georges