I'm wondering what others think of this to increase security ... adding an extra tag to the header (that can be used in the templates) that states:  "You are currently logged in as an Administrator."

Also, should I add a temporary session cookie (close the browser, then it deletes the cookie) that when you go to Admin it asks for your password (and if password failure is 3 times, then the account is locked out -- forcing another admin to re-enable, OR force a 3 hour lockout, etc).

Good ideas?

Maybe...if I understand you correctly.  Do you mean that if I am logged in as admin and if I go to the admin center that I have to type in my password again?

If so, what would really be the purpose?  I already logged into my forum.

As far as the delete the cookie thing.  I don't like it.  I never log out unless something causes me to delete my cookies.

I guess my question would be is the current way of doing things un-secure or less secure?

I don't know of any E-Blah forum that has been hacked when using MD5 encryption.

It just adds more security.  I meant the temp Admin CENTER cookie, NOT the admin user cookie.  I'd hate that.  

I guess reading stuff at work has been getting to my head about securing data ..... .

I work on the basis if it aint broke then don't fix it, if people have already got your password, asking for it again isn't going to stop them.

I had the idea because ... some people leave their workstations logged in.  But since no one wants it, I'm not adding it.

Well, I believe both IPB and vB have failsafe ACP locks. That means if you try to log into the ACP unsuccessfully five times in a row, the entire ACP is locked down for 20 minutes. That'd be a great feature to place into E-Blah.

No one really seemed to want it ...