View Single Post
Old 03 Aug 2016, 18:22
kerrghann's Avatar
kerrghann kerrghann is offline
Join Date: Jul 2012
Real name: Markis
Originally Posted by webmastersun View Post
I think it was not a good idea to make AdminCP/ModCP more security like this. Let vB team handle security on their vB cms than you do it with edited codes
None of the codes are essentially editted. This is an addition to the security that already exists. It essentially uses .htaccess and .htpasswd restrictions (which can be added in addition to the current security measures). It's essentially it's own 2 factor authentication. It requires your staff to come up with a completely separate password to access the admin panel.

I added this because I think the hashing method that vBulletin uses is a bit too weak and this method allows you to add a bit more security to your admincp and modcp without actually going in and changing the hashing algorithm.

Originally Posted by Dave View Post
I would personally just stick to an IP restriction or implement phone two factor authentication.
I personally restrict access to my staff's accounts by the country they reside in. My Canadian staff can only log into their accounts with a canadian ip address, my english staff can only connet with an english based ip address etc. It's a bit of a hassle when they go out of country for a bit, however, but it's workable.

As far as IP restriction goes, however, unless you have a static IP address, yours is bound to change. In addition, IP addresses are fairly easy to spoof. I do like the two factor phone authentication, though.

Thank you both for the input.
A Place to create; a place to innovate~
Reply With Quote