Ilya (notestaff) wrote in suggestions,

Protect journal against wholesale deletion; use security question.

Short, concise description of the idea
Protect against the situation where someone steals your LJ password and irrevocably deletes all your entries. Take an extra step to verify user identity before letting them erase old entries.

Full description of the idea
If someone steals your LJ password -- or accesses (either physically or by hacking) a machine on which you're permanently logged in -- they can permanently kill your entire journal. This happened recently to one user, who lost over 1000 entries. To guard against this, add an extra layer of security. When the user creates their journal, they enter a "security question" and a corresponding answer which only they know. The question is then asked before the user can delete more than one or two entries in one day. The question can be skipped if the user has just recently answered it.

An ordered list of benefits
  • Protects journals against deletion.
  • Does not require the user to memorize a second password -- only the answer to a security question which the user crafts for themselves.

An ordered list of problems/issues involved
  • The user may forget the exact spelling of the correct answer.
  • Frustrated hackers can turn violent...

An organized list, or a few short paragraphs detailing suggestions for implementation
  • With the userinfo, store: the security question/answer, and the time that the user last deleted an entry. When they want to delete another entry within a short scope of time, ask the security question before letting them delete/edit the entry. Allow deletion/editing of recent entries (under a week old) without the security question.
Tags: security, § historical
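
A sketch of the deletion gate this suggestion describes, added here as an illustration; it is not LiveJournal code and not part of the original post. All names, the 15-minute grace window and the exact thresholds are assumptions, and the answer is normalized before hashing to soften the "exact spelling" problem listed above.

```python
import hashlib, hmac, os, unicodedata
from dataclasses import dataclass, field

DAY = 86400
DAILY_FREE_DELETES = 2      # "more than one or two entries in one day"
RECENT_ENTRY_AGE = 7 * DAY  # entries under a week old skip the question
VERIFY_GRACE = 15 * 60      # assumed: how long a correct answer stays valid

def hash_answer(answer: str, salt: bytes) -> bytes:
    # Fold case, Unicode form and whitespace so harmless variations still match,
    # then store only a salted slow hash, never the answer itself.
    text = unicodedata.normalize("NFKC", answer).casefold()
    canon = " ".join(text.split()).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", canon, salt, 100_000)

@dataclass
class Account:  # hypothetical stand-in for the fields kept "with the userinfo"
    salt: bytes
    answer_hash: bytes
    delete_times: list = field(default_factory=list)
    verified_at: float = float("-inf")

def new_account(answer: str) -> Account:
    salt = os.urandom(16)
    return Account(salt, hash_answer(answer, salt))

def verify_answer(acct: Account, answer: str, now: float) -> bool:
    # Constant-time comparison; a correct answer opens the grace window.
    ok = hmac.compare_digest(hash_answer(answer, acct.salt), acct.answer_hash)
    if ok:
        acct.verified_at = now
    return ok

def request_delete(acct: Account, entry_posted_at: float, now: float) -> str:
    """Return 'deleted' if allowed, or 'challenge' if the question must be asked."""
    # Keep only deletions from the last 24 hours (every deletion counts).
    acct.delete_times = [t for t in acct.delete_times if now - t < DAY]
    over_quota = len(acct.delete_times) >= DAILY_FREE_DELETES
    recent_entry = now - entry_posted_at < RECENT_ENTRY_AGE
    recently_verified = now - acct.verified_at < VERIFY_GRACE
    if over_quota and not recent_entry and not recently_verified:
        return "challenge"
    acct.delete_times.append(now)
    return "deleted"
```

A real deployment would also rate-limit wrong answers, since a security answer usually has far less entropy than a password.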