What are the chances?

[MagiNinjA]

That's awesome.

It's like that guy who thinks Google is trying to make him miserable. It's a 5 billion $ case right now.

[Jesus]

If and when you change your password, will you let us know the name of the film?

[Ryme]

Was the password "p@ssword"?

[Ryme]

Not that simplistic? You could have fooled me!

All the password stuff for the game is stored encrypted, so I don't know what anybody's is. I figure it's safer that way. Or at least it's the honorable thing to do, right?

[Cristiona]

Stored in a hash but able to be edited by an admin, I would assume? Or are you totally unable to touch them?

Or should I stop prying on this sort of thing

[Ryme]

Conscience.

I'm just hashing the passwords, but that seemed to obscure the data enough for the purposes of a game site. Besides, why bother stealing the passwords outright when the keylogger that Twilight installs will get me credit cards and bank accounts, too?

Someday, I'm probably going to regret saying that. Someone's going to take it seriously and tell their parents I'm stealing things from their computers, and I'll end up in jail. Sheesh.

[Ryme]

Stored in a hash but able to be edited by an admin, I would assume? Or are you totally unable to touch them?

As it's in a database, I can of course edit the password, in that I can delete them entirely or put anything else I want into that field. I don't know of any way to convert/extract the current one from the hashed result, but on a couple of occasions when people lost their password I did insert a temporary one for them until they could log in and change it back. For the most part, though, I discourage the losing of passwords because it's a total pain for me, and if I don't know you well enough to trust you I might not feel confident in resetting it.

[Cristiona]

That's kinda what I figured. For what it's worth, I think there are some tools that can extract a password from a hash, but they're pretty limited (I believe they need to be 'trained', and of course, you need access to the hashes), and I think they don't work over a certain length (as hashes tend to be of a set length, even when the pw is longer than the hash).


Anyway, what you might consider for lost passwords is having an automated system that creates a new password (ie: 4 random numbers and a random letter) to the associated e-mail.

[Ryme]

Anyway, what you might consider for lost passwords is having an automated system that creates a new password (ie: 4 random numbers and a random letter) to the associated e-mail.

Yeah, I know. I've been mostly neglecting administrative stuff like that. I'm sure about two weeks of beta will make me clean it up, what with all the rapscallionish newbies.

[Ryme]

Ryme? Oh, yeah, I totally know you. But then again, I also know where you keep your password. So why don't I just retrieve it and hand it over to you personally?