Jump to content
Eternal Lands Official Forums
Sign in to follow this  
Hompf

Forgot my password for the game

Recommended Posts

Hello,

 

I have not played EL in quite a while, and now i seem to have forgotten my

password to log into the game. Is there any way of resetting the password?

 

Thanks in advance,

 

Hompf

Share this post


Link to post
Share on other sites

You can request a password recovery service (which entails a $5 payment as administration fee) by contacting radu in-game, or Entropy in-forum. Either way, you might have to provide proof that you are the legitimate owner of the character, before the password is reset. This can be obtained from your logs, in some case, or by providing information that only the owner would know (e.g., where you last logged off, or what you had in storage/inventory, or a vague remembrance about the old password, etc.).

 

Given that the Hompf character has pretty good attributes/levels, starting a new character is not an option, I'd say...

Share this post


Link to post
Share on other sites
or a vague remembrance about the old password

 

I severely hope that this single item from the things you mention does NOT hold true. Would be quite a blunder and unprofessional. Also admins must never be allowed to retrieve passwords - only to reset them.

Share this post


Link to post
Share on other sites
or a vague remembrance about the old password

 

I severely hope that this single item from the things you mention does NOT hold true. Would be quite a blunder and unprofessional. Also admins must never be allowed to retrieve passwords - only to reset them.

 

WTF?!?!?

 

Are you (EL) storing passwords in plain text? :stare:

Edited by Devnul

Share this post


Link to post
Share on other sites
or a vague remembrance about the old password

 

I severely hope that this single item from the things you mention does NOT hold true. Would be quite a blunder and unprofessional. Also admins must never be allowed to retrieve passwords - only to reset them.

 

FYI, moderators can neither access nor retrieve nor reset passwords. Only radu can, and since he is the one writing the server code, it is rather immaterial whether he can see passwords or not - since he controls the code that does the authentication.

 

Computer security is a serious discipline, don't be fooled by DOs and DON'Ts that may induce a false sense of security. The classic paper "Reflections on Trusting Trust" by Ken Thompson (originally published on Communications of the ACM, available at http://cm.bell-labs.com/who/ken/trust.html) might be worth a read. It is much safer to act on the assumption that the developer of the server where you are sending your credentials can at least intercept those credentials. That's why you should never re-use the same password on multiple systems.

 

Having said this, I have no idea whether passwords are stored in plain text, or encrypted with some public key whose private key is jealously guarded by radu, or hashed with only hashes being stored, or encrypted with a random salt in the style of the original UNIX /etc/passwd (still used today in crytp() ), etc.

 

But since the developer of the game (and owner of the server) has physical access to every bit of data pertaining to your character, whether the password is accessible to him or not is immaterial. The only risks that should be mitigated are (1) breach of server security, in which case the data your password is supposed to protect is exposed already, and (2) reuse of the same password on other sites/services, which can be mitigated (removed, really) by using a unique password for the EL server.

 

Of course, the hosting service where the EL server runs also might have access to your bits, as well as your ISP and other intermediary providers, and of course the NSA, the CIA, the FBI, the Iranian Government, the Mossad, the Chinese firm who assembled your router, etc.

Security is a matter of deciding who you trust, not of being safe :-)

 

Having said this, I totally agree that storing/transmitting encrypted passwords is a better practice than storing/transmitting plaintext. But you do realize that having a working proxy is indistinguishable from having a men-in-the-middle attack...

Share this post


Link to post
Share on other sites

Fortunately i remembered my password.

I am glad though to have sparked an interesting discussion :)

Thanks for answering my question and elaborating on the issue Usl!

 

Hompf.

Share this post


Link to post
Share on other sites

Fortunately i remembered my password.

I am glad though to have sparked an interesting discussion :)

Thanks for answering my question and elaborating on the issue Usl!

 

Hompf.

That's the best possible outcome! :)

Share this post


Link to post
Share on other sites
Guest
You are commenting as a guest. If you have an account, please sign in.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoticons maximum are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×