Jump to content
Eternal Lands Official Forums
pasmoi

password protection

By pasmoi, in Suggestions - General, Misc.

Recommended Posts

pasmoi   

pasmoi
Posted

I just heard some players where innocent enought to give their password online, to scammers.

 

We could add the following test :

each time we send a message by the chat, the client would test if the message doesn't contains the password of the user.

if the password is contained, the message would not be sent, but a warning would be given to the user.

 

for people that have a common word as password this system would be a problem : after the warning, a confirmation windows yould be printed, and if the player clicks on "yes, I really want to send this sentence, that happens to contains the word I use as a password, but I'm not giving my password to anyone", then the sentence would still be sent.

 

since this test will only be made each time you send a sentence, it will not be heavy. (no cost for players)

provided we keep the password in the client's memory after login, in the code, this test could be added with 3 lines of code ... (almost no cost for devs)

 

 

regards

pasmoi

Share this post

Link to post
Share on other sites

asgnny   

asgnny
Posted

Having the server scan every sentence typed by every player, then comparing that against the user's password would be an unreasonable strain on the server, as well as being a security hole in and of itself.

 

Read through rule 4 in detail. If someone can read through that and still wants to give their password out for "free st00f", they probably shouldn't be playing anyhow.

You really can't fix stupid

-Ron White

Share this post

Link to post
Share on other sites

Aislinn   

Aislinn
Posted

Well how about instead of all that hassle and annoyance, people actually remember WHY we use passwords in the first place.

Not to be annoying game makers who's one goal is to make life difficult by forcing people to remember something or write it down.

Not to give them away.

Not to pick the easiest thing they can think of that will come up in their every day conversation so scammers can guess it.

The whole point is to keep your account safe, so maybe if people treat the password as importantly as it actually IS, there would not be these issues.

We can only babysit so far.

Share this post

Link to post
Share on other sites

masterpiter   

masterpiter
Posted
I just heard some players where innocent enought to give their password online, to scammers.

Players give their account pass away for a reason, and noone of the reasons seems innocent enough to me :P

 

1) They hope that the other person can train/make money on character, so they benefit from it.

 

2) They r selling or trying to sell their account-for some ingame items but often also for real money- also big benefit for them.

 

3) They use it for illegal multi, mostly for trading items from one char to another ;)

 

If they wanna give some1 their pass they will do that anyways, if not via ingame pm then via forum pm or in real life if they know the person, if not then via e-mail or messenger :P

 

So imho ur suggestion would not stop that at all :)

 

mp

Share this post

Link to post
Share on other sites

ville-v   

ville-v
Posted
Having the server scan every sentence typed by every player, then comparing that against the user's password would be an unreasonable strain on the server, as well as being a security hole in and of itself.
Last time I checked, the EL client was executed on my computer, not on the server. Did it change in the last update? Or at least I can not imagine any other way for server load to increase, if "the client would test" :P

Share this post

Link to post
Share on other sites

asgnny   

asgnny
Posted
Having the server scan every sentence typed by every player, then comparing that against the user's password would be an unreasonable strain on the server, as well as being a security hole in and of itself.
Last time I checked, the EL client was executed on my computer, not on the server. Did it change in the last update? Or at least I can not imagine any other way for server load to increase, if "the client would test" :)

Brilliant idea, except...:

1) Storing your password on your local computer (having a file called teh_password.txt is not exactly the safest means of storing it.) Anyone using your computer can do a simple search and hax0r your account.

2) Users would never be able to change their passwords if they were stored locally. The new password would not match the one stored on the server, and you would just never be able to log in again. Hmm... I like this idea.

Share this post

Link to post
Share on other sites

Learner   

Learner
Posted
Having the server scan every sentence typed by every player, then comparing that against the user's password would be an unreasonable strain on the server, as well as being a security hole in and of itself.
Last time I checked, the EL client was executed on my computer, not on the server. Did it change in the last update? Or at least I can not imagine any other way for server load to increase, if "the client would test" :)

Brilliant idea, except...:

1) Storing your password on your local computer (having a file called teh_password.txt is not exactly the safest means of storing it.) Anyone using your computer can do a simple search and hax0r your account.

2) Users would never be able to change their passwords if they were stored locally. The new password would not match the one stored on the server, and you would just never be able to log in again. Hmm... I like this idea.

Considering the client tracks your password in memory so it can reconnect after a disconnect, I don't think that will be an issue.

 

But what about people who's password matches someone elses name or a common word/phrase they use in chat? I know those are weak passwords, but that would tick them off constantly having to say that they want to send a message with their password in it.

Share this post

Link to post
Share on other sites

Alia   

Alia
Posted
1) Storing your password on your local computer (having a file called teh_password.txt is not exactly the safest means of storing it.) Anyone using your computer can do a simple search and hax0r your account.

 

Storing password in a file on your comp is at least 2^1024 times safer than to send it over the network unencrypted (as we do it now).

because 'anyone using your computer' must first hack OS authentication system before doing a 'simple search' :)

Share this post

Link to post
Share on other sites

The_Piper   

The_Piper
Posted
But what about people who's password matches someone elses name or a common word/phrase they use in chat? I know those are weak passwords, but that would tick them off constantly having to say that they want to send a message with their password in it.

 

Exactly, the perfect way to force players to choose NOT weak passwords.

 

Pseudo code:

IF strstr(data, password_in_memory) NOT NULL 
THEN
  SEND_TEXT_IN_RED "N00b, don't give away  your password!"
  POPUP_RULE 4
  RETURN
END-IF

 

 

Of course, ppl *CAN* give away their password still very easy, but they get at least a warning at once and cant complain later that their char was stolen. Thats then really their problem.

 

Piper

Share this post

Link to post
Share on other sites

scarr   

scarr
Posted

1: hey if you type your password backwards it shows up in stars!! *********

2: remmacstoidi

2: hey it didnt!??

1:thx for pw :>

Share this post

Link to post
Share on other sites

The_Piper   

The_Piper
Posted
1: hey if you type your password backwards it shows up in stars!! *********

2: remmacstoidi

2: hey it didnt!??

1:thx for pw :>

 

As is said: Too dumb to play? ==> Their very own problem.

 

Piper

Share this post

Link to post
Share on other sites

Learner   

Learner
Posted
1: hey if you type your password backwards it shows up in stars!! *********

2: remmacstoidi

2: hey it didnt!??

1:thx for pw :>

And people that do things like that can be banned!

18. No Hacking.

Do not attempt to interfere with or hack into any transmissions to or from the servers. Do not attempt to hack into someone else's account or convince them to give you or others their passwords.

Share this post

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Go To Topic Listing Suggestions - General, Misc.

  • Recently Browsing   0 members

    No registered users viewing this page.

×