I find how easy it is to change your password is distressing- anyone can easily do it as long as you don't logout of that computer. It has actually happened to me a few years back, luckily I knew the person who did it and they eventually gave me what they changed it to.

I think that you should need to enter your current password to change it, and maybe even need to enter it to edit your profile as a whole. It's an extra security measure that I'm sure would come in handy, as I can almost guarantee that I'm not the only one it has happened to.

Galacta : Yeah, I think that would be a really good suggestion, because the reason why, because you can accidentally type something in the "Password" box and you didn't know while you're changing your settings and all of a sudden, you logged out (neither by just logging out like normal, clearing all of your cookies, or a friend/family member pulling a prank on you) and you can't get on when you typed the password you use and you have to click the "Forgot Password" link to get it back.

So, it a way, it should have a "Change Password" button where you click it and it'll have 3 boxes (Current Password, New Password, re-type password), but yeah, good idea to have, I wounder what David thinks about this.

Galacta : This would be better instead of changing the pass and having no security.

It should appear an "Enter current password to change your settings" box first, then, if you wish to change the password, do what IgorBird said.

But you can always recover your pass by clicking "Forgot password?". After you clicked it, a box should appear when you must enter your email adress. Then, an email with a random password will come such as "wjr12h". Now, you can use it to log in without any issues or change it to an easier one such as "apples123"!

I hope David will like and implement this feature.

This is a really helpful and good idea. It's been said a few times that password security was a main issue when it comes to attacks, like a few years ago. If we can get a password warning e-mail when your password is changed by you or someone else. Maybe you want those other security questions to confirm your identity. I can support this.

Davideo7 : Thoughts on this? I personally have always noticed it look a lot easier than it should, especially to certain people who try out just about everything they see like this. I noticed it and decided to stay as far away as possible in order to preserve myself on the site and never really mentioned it at all but Galacta: brings up a good point but apparently didn't summon you. I decided that it may be best to get your opinion on this and send you a summon to see what you have to say on the matter here. Sorry if this post comes as an inconvenience to you, especially the summon seeing as I started this post in the morning and finished at night due to having to leave for most of the day.

I never realized how easy it is to change a person's password. 

So I'm all up for this idea for the sake of extra security.

Galacta : I hate when my brother always changes my password on a different device. But luckily I am still logged onto my computer.

This a great suggestion and this should be added soon.

Great suggestion and I hope they change it sometime!

Honestly, if someone hacks your account its no big deal. This site has enough staff and admins that any issue can be resolved relatively fast. This isn't hacking, just slight stupidity. It's like leaving your facebook open at the local library of course people will go in and mess with it. You cannot have security without common sense.

The idea is good, however it won't fix the problem you are presenting here and that is your friends getting on your computer and using your account cause you never trashed the browser cookies. Sure it would prevent them from changing password but it would not stop them from everything else they could do to damage your account.

UFO : The problem presented in this thread is not about somebody hacking into your account and changing everything, but rather them changing your password, and then you are unable to log back in. Vizzed automatically keeps you logged in unless you manually log out, or clear your cookies. Facebook will log you out when you close the browser unless you check "Remember me".

I don't think that you could "damage" an account on Vizzed. And even if you did, what would you do? Waste all their viz? Big deal. No point in spamming because I believe Globals can track IPs, so they know it wasn't the user who did it. This is something that you would report, and problem solved.

All I'm saying in the original post is that password changing seems a bit too easy. Somebody can change your password, and then what? You don't know it and can't log back in, especially if they logged you out (which common sense would say to do if they did that). And yes, I realize this is something you would report, but wouldn't it be much easier if people just couldn't do it at all?

Galacta : We should also add third party verification through email which adds two layers of security instead of one. Another problem is the email field. You can still delete email addresses on accounts, change password then really mess up an account. If I were attacker I'd erase your email and change your password so that you would be blocked out of vizzed for life. The forgot password page would be useless cause it would not know what email to send it to.

Password security isn't as big of a problem though as the email security at this point in time on Vizzed. If the email field is not fixed and you were to "add password security updates" I could easily bypass it by swapping the email on your account then go to forgot password page and set up a new password using your username and the new email I have injected onto the account. This of course would only work in the case of a friend who has your current login info or a random user who just happens to have access to ones account cause the previous user forgot to dump cookies by logging out.