Legacy Your Account Subject To A Breach

Status
Not open for further replies.

highlander

Customer
First, I wanted to say this is a pretty interesting feature and potentially quite useful. There are a couple of problems I've noticed though:
1. The end user receiving the message doesn't know who "DragonByte Security" is or why they are getting this message. I understand what you're doing and what this is about but the average user would not. They might get the impression that their account on the forum was hacked and it could scare them as worded now. They might also think it could be spam.
2. I received this on one of my accounts where I had not ever logged onto those sites. Another user complained of a similar issue. I think there is some problem with how it is working. Is it just checking email address? Against what? I have seen sites that provide this information which appear to be reliable so again - seems like a useful idea.

The things I would do to enhance it:
1. Tone down the message and make it more user friendly: Title: "Potential account breach at another site"

"Through some enhanced security procedures on the forum, we've determined that accounts associated with your email address may have been compromised at another site that you belong to. The sites where this may have occurred are: xxxx, yyyy, zzzz. As it appears your password could have been compromised at these sites, we recommend that you consider changing your password on the forum if you haven't done so recently. We also recommend you consider changing your password on other sites you belong to. To be clear, there is no evidence that your userID or password has been compromised on the forum. We're merely informing you in an effort to be proactive. Further information on the sites where your account may have been breached can be found here aaaaaaa"

That could be a default and then allow the administrator to customize it.

I would modify this to allow customized language to be provided in AdminCP

2. Look at where you are getting the data from or the legitimacy of the logic/results.

---------- Forwarded message ----------
From: xxxxxxx
Date: Wed, Jun 21, 2017 at 10:54 PM
Subject: Account Breach Alert
To: YYYYYY


DragonByte Security has detected that your account has been the subject of a breach on another site. We recommend you change your password and enable two-factor authentication to stop your account from being a target of further breaches.

Forbes (forbes.com) happened on 02-14-2014, added to the system on 06:24, 15th Feb 2014
Gawker (gawker.com) happened on 12-10-2010, added to the system on 19:00, 3rd Dec 2013
Pokémon Creed (pokemoncreed.net) happened on 08-07-2014, added to the system on 19:03, 9th Aug 2014
Stratfor (stratfor.com) happened on 12-23-2011, added to the system on 19:00, 3rd Dec 2013
Win7Vista Forum (win7vista.com) happened on 09-02-2013, added to the system on 05:01, 1st Jun 2014
 
This suggestion has been closed. Votes are no longer accepted.