: Account suspension on SMS Hy Hello all, I have an idea to implement but I hate to copy if it is been used by any other website(s). My idea is about suspending an account using text SMS.
Hy Hello all, I have an idea to implement but I hate to copy if it is been used by any other website(s). My idea is about suspending an account using text SMS. The description follows.
When a user signs into his account he gets an text SMS saying "Hello Mr.X you have been logged into your account from IP xx.xx.xx.xx, If you are not the real user logged in send reply to this as BLOCK<space>15<space>random code.
So, here the user can suspend his account by sending a return SMS as BLOCK 15 to block his account for 15mins. This text SMS can terminate the user session and does not allow him to login for next 15mins even with correct username and password. Likewise he can suspend his account for any value of time and can release the same by sending UNBLOCKrandom code. Is this kind of feature used by any website? Please let me know if it is used. Else I wanna be the first person to implement it.
More posts by @Sherry384
2 Comments
Sorted by latest first Latest Oldest Best
There are some attractive aspects to your implementation, however, it fails to meet the most basic security requirement: by default, do not allow unauthorized users access.
A "do you want to ban whomever logged in?" query assumes that, by default, the user is not banned - an ignored SMS means that the unauthorized user had access to the account.
The better default: send an SMS whenever a login is attempted from an unrecognized host and require that the authorized user enter a code from the SMS to complete the login process (this process has the added benefit of preventing an unauthorized user from accessing the account while notifying the authorized user that someone is trying to log in).
Gmail, for one, implements SMS in this manner.
I've never heard of it being used. It sounds like a good optional feature for high risk websites, such as Poker Websites, Bank Websites, Stock trading sites etc where large amounts of money can be drained relatively quickly.
However for most applications it's probably overkill and will increase the amount of time you will spend doing support for people who don't quite understand it etc.
Be careful about guarantees as well, if you offer this service, someone gets hacked the SMS doesn't send/is delayed then you may be liable for any theft/damages.
Good innovative idea though in my opinion, but too risky/overkill for 99.99% of people. Those 99.99% of people should just invest that time in making sure their systems are really well implemented and secure.
I suggest to you to make a technical demo and write about it, how you implemented it, what pitfalls you have found, it could make for a really interesting and popular read.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.