Burtforcing ?
On one point i did consider it would be easy as you don't need to verify and you can log in simply by link however on another hand you can try a same email only about 5-6 times and wait 30miuntes. There are chance there could be a good combo list (different email:different password every time)waiting to crack those nice accounts
What do you guys think?
stealing accounts is messed up
Brute forcing is near impossible with this game. There is a simple exploit that allows you to try to 'log in' as many times as you want without delay or getting locked out, but you have to realize what we're dealing with here. The game requires a 10 digit password with a capital and a number. 26 (letters) + 26(LETTERS) +10(numb3r5) = 62. Let's say your password was 15 digits. (62^15)-(62^10)=768909704109467302684294144. That's how many possible combinations of a 15 digit password there are, assuming the attacked knows that your password is over 10 digits (and he does, because that's the requirement). Let's say the attacker had an insanely fast computer that could try 10 billion of these passwords per second. It would still take him 2438196677 years. That's 2 and a half billion years to crack your 15 digit password. Good luck.