Force disconnection

[Ephier]

You don't want that trust me. Adding the ability to force disconnect an account through the internet would not only backfire on you but open up a slew of security problems for everyone else with an account. Man made or otherwise.

I do not see how it could backfire if you could only do it while you are logged on to the website, which also requires the OTP.

[Darki]

I do not see how it could backfire if you could only do it while you are logged on to the website, which also requires the OTP.

Two reasons: Not everyone uses the OTP (which doesn't make an account 100% hack proof anyway) and a force disconnect feature can be reverse engineered to gain access to an account; it's a two way street.

Think of this analogy: It's better to have thin air to nowhere than a well fortified door that leads to something of value to you. I'm not tiring to shoot down your idea for fun, i'm merely pointing out how it is.

[Ephier]

Two reasons: Not everyone uses the OTP (which doesn't make an account 100% hack proof anyway) and a force disconnect feature can be reverse engineered to gain access to an account; it's a two way street.

Think of this analogy: It's better to have thin air to nowhere than a well fortified door that leads to something of value to you. I'm not tiring to shoot down your idea for fun, i'm merely pointing out how it is.

Added security is added security. That's like saying I'm not going to install a lock on my door just because they will still be able to break in. If you are not using OTP, that is not a very wise decision. Also I have still yet to see if your reasoning how they could gain access to my account. If they already have your username and password (no OTP), they going to get on it eventually whether you actually on or not.

[Darki]

Added security is added security. That's like saying I'm not going to install a lock on my door just because they will still be able to break in. If you are not using OTP, that is not a very wise decision. Also I have still yet to see if your reasoning how they could gain access to my account. If they already have your username and password (no OTP), they going to get on it eventually whether you actually on or not.

It is obvious you didn't read my post. I didn't say you shouldn't put a lock on your door. I'm saying you shouldn't have a door to begin with. Do you see the point now?

[Ephier]

It is obvious you didn't read my post. I didn't say you shouldn't put a lock on your door. I'm saying you shouldn't have a door to begin with. Do you see the point now?

Not really. You said that the force disconnection could be reverse engineered to gain access to an account. How so? They would already have to have access to your account to force disconnect you, so in that situation, you were already in trouble in the first place.

[Darki]

Not really. You said that the force disconnection could be reverse engineered to gain access to an account. How so? They would already have to have access to your account to force disconnect you, so in that situation, you were already in trouble in the first place.

If you ever take up a career in coding you'll see the problem. Here is an example: Ever seen one of those OTPs keychains? Not the software version i'm talking about the physical one. On the back is a static serial number that governs what the next 30 second password will be. Get one and you gain the other. Hacking is the art and science of taking a tiny amount of information and using it to gain more information. The amount of control we already have over our account is already a risk because of how much it interacts with our account from the internet. Adding an ability to control an active login would make things easier to hack. I personally would like to keep it as hard as possible.

[Baneus]

Two reasons: Not everyone uses the OTP (which doesn't make an account 100% hack proof anyway) and a force disconnect feature can be reverse engineered to gain access to an account; it's a two way street.

Think of this analogy: It's better to have thin air to nowhere than a well fortified door that leads to something of value to you. I'm not tiring to shoot down your idea for fun, i'm merely pointing out how it is.

If someones computer is compromised to the point where it is vulnerable to MiM attacks, then losing their SE account details should be way down on the list of things to be worried about

[Ephier]

If someones computer is compromised to the point where it is vulnerable to MiM attacks, then losing their SE account details should be way down on the list of things to be worried about

Which is the point I have been trying to make. If they are able to force DC you, then your account has already been compromised. Whether force DC is there or not, they have your account, and when they find you offline they taking your stuff.