I am developing a PHP application which has user accounts, I have followed best practices for security (so have done my part) – but this will obviouslly not stop accounts from being hacked.
This is just me forward thinking, but see the following scenario:
Let’s say a user was silly enough to get there account hacked by
writing down there password (which someone found – the ‘hacker‘…).Due to the hacker getting the password, the hacker logs in and changes
it and also changes the email.Now the user finds out (due to them not being able to log in nor
recover/reset their pass)…The user then decides to report this to staff (as they want to regain control of the account).
How would I (a member of staff) be able to indentify the person who is reporting is the actual user, so I can help him/her?
Anyone can just give a username (and maybe email – if they know the person)…
I had an idea on maybe; a memorable word which is required to be given upon registeration (and can not be changed)…to help indentify the user.
There must be other sites which have similar procedures/functionality in place…
Your thoughts? and any example code would be nice!
PS: This is not a high security financial site, more of a social network for gamers.
I personally would not allow the primary email of the account to be changed. Thus the exploited user could just do a typical, email-based password reset.
If you absolutely need to allow an email address to be changed, require the logged in user to generate an email change password that is sent to the original address, and only upon clicking the link from the original address, would they be able to be taken to a form to change their email address, which again would need to be validated by sending an email to the new address. Only upon successful clicking of the link at teh new address would the email change be committed.