Quote Originally Posted by CNJRP View Post
Security question and answer, not password(typo). I may be wrong but the security question and answer for the site is different than that of the sub-password on the character selection screen. Either way, one or both would be sufficient in my opinion.

I could imagine the steps for unblocking an account would go something like this.

1) User enters invalid sub-password five times (who knows why, drunk, tired, or coming back from a long break).
2) The user goes to the site and verifies that it is indeed their account and that they want to unblock by providing information (security question, security answer, registered email, etc).
3) A confirmation email is sent to the registered email with a link to unblock the account or warning the user of an attempt to unblock the account.
4) Account unblocked.

With a system like that, in order for a stranger to unblock their account they would need to know the security question, security answer, registered email, and even the password the the email address. Good luck with that.
Thats not so hard for most modern hackers sad to say