Need a way to identify a user if the user got incontact regarding they're account being hacked? [closed]

Question

As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.

Closed 8 years ago.

I am developing a PHP application which has user accounts, I have followed best practices for security (so have done my part) - but this will obviouslly not stop accounts from being hacked.

This is just me forward thinking, but see the following scenario:

Let's say a user was silly enough to get there account hacked by writing down there password (which someone found - the 'hacker'...).

Due to the hacker getting the password, the hacker logs in and changes it and also changes the email.

Now the user finds out (due to them not being able to log in nor recover/reset their pass)...

The user then decides to report this to staff (as they want to regain control of the account).

How would I (a member of staff) be able to indentify the person who is reporting is the actual user, so I can help him/her?

Anyone can just give a username (and maybe email - if they know the person)...

I had an idea on maybe; a memorable word which is required to be given upon registeration (and can not be changed)...to help indentify the user.

There must be other sites which have similar procedures/functionality in place...

Your thoughts? and any example code would be nice!

PS: This is not a high security financial site, more of a social network for gamers.

Answer 1

I personally would not allow the primary email of the account to be changed. Thus the exploited user could just do a typical, email-based password reset.

If you absolutely need to allow an email address to be changed, require the logged in user to generate an email change password that is sent to the original address, and only upon clicking the link from the original address, would they be able to be taken to a form to change their email address, which again would need to be validated by sending an email to the new address. Only upon successful clicking of the link at teh new address would the email change be committed.

Answer 2

Why not store the original email address used to register as a field in the database. This need not be viewable by the user and could just be used as a fall back. Then you can allow administrators to trigger an email to that account containing a link to a page where you could ask security questions.

This was off the top of my head but i think it is workable.

Answer 3

You can use security questions/answers. During registration, prompt your users with questions like 'What is your favorite something?'. Their answers to these questions should be used to verify their identity.