Jump to content
Not connected, Your IP: 3.133.107.11
Waterwater10

Better security for changing email address and password

Recommended Posts

Maybe have it as an optical step for people. but so a person can't just say hack your account or get your password somewhere and then log in and change your email address and password, have it s that if you change your password or email address, a confirmation email has to be sent to your email address, or maybe implement a Google authenticator or alternative into it, maybe even some security questions, but they'd also have to be protected somehow, maybe by Google auth or email again. I just feel atm, all someone needs to be able to take over your account is your password and email address and they have full reign. 

Share this post


Link to post

If someone has your username and password, + full control over your email they have PWN'd you completely anyway!  You may want to consider having a more secure email account to use for website authentications.  Keep a "bullshit" clearnet email account for chatting with friends but use a solid one for keeping password credentials secure.  As a for instance the email account attached to my Air username is ONLY used for this site and only when needed.  It is easy to maintain multiple email accounts and such a practice provides additional security in my opinion.  Also, depending upon how you pay, having all the receipts for the payment transaction may just allow for Air Mgmt to research and determine that YOU are who you claim.  I don't speak for them; but providing them with all the specific transaction details may allow them to reset and restore your account.  e.g. I use BTC and keep the transaction details.  I can SIGN the BTC address used to make payment, which the person that would potentially steal my account could not do.  It is much easier to use good OPsec and avoid needing for someone to assist you in the first place.

Share this post


Link to post

have it s that if you change your password or email address, a confirmation email has to be sent to your email address,

 

This actually would be quite useful... maybe a good thing for the devs to look at when they have too much spare time.

 

or maybe implement a Google authenticator or alternative into it, maybe even some security questions, but they'd also have to be protected somehow, maybe by Google auth or email again.

 

... but this is overkill. You have no sensible information saved in an AirVPN account. The only thing it protects is the right to use the connection slots.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Valid emails are not required for signing up. This is one of some challenges with sending confirmations to old emails that might not exist.

You can always recover a lost account with a ticket.

 

That is what I would have expected from a good quality service provider!  Still solid OPsec in the first place is the preferred solution, LOL!

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...