Protect journal against wholesale deletion; use security question.
Short, concise description of the idea
Protect against the situation where someone steals your LJ password and irrevocably deletes all your entries. Take an extra step to verify user identity before letting them erase old entries.
Full description of the idea
If someone steals your LJ password -- or accesses (either physically or by hacking) a machine on which you're permanently logged in, they can permanently kill your entire journal. This happened recently to one user, who lost over 1000 entries. To guard against this, add an extra layer of security. When the user creates their journal, they enter a "security question" and a corresponding answer which only they know. The question is then asked before the user can delete more than one or two entries in one day. The question can be skipped if the user has just recently answered it.
- Protects journals against deletion.
- Does not require the user to memorize a second password -- only the answer to a security question which the user crafts for themselves.
An ordered list of problems/issues involved
- The user may forget the exact spelling of the correct answer.
- Frustrated hackers can turn violent...
An organized list, or a few short paragraphs detailing suggestions for implementation
- With the userinfo, store: the security question/answer, and the time that the user last deleted an entry. When they want to delete another entry within a short scope of time, ask the security question before letting them delete/edit the entry. Allow deletion/editing of recent entries (under a week old) without the security question.