Twilight Forums

My password for the TH forums is 8 digits long, containg numbers and letters, 'randomly' (as in through a proccess that helps me remeber it but has no logic for anyone else) selected.

There are 24 letters and 10 numbers, meaning that all combinations containing only letters and numbers, and are 8 digits long, are 1,785,793,904,896. My password, is one combination among all those. Note, that the chance of winning the UK national lottery JACKPOT is roughly 2 million times more probable than guessing my password.

Why all this analysis? Yesterday night, I saw a film, where a character receives a letter, and the receiving address had my password on it.

EDIT: Actually, I checked it again, and it has all the digits at the right order, excluding the 4th digit of my password that is missing on the letter.

_________________

That's awesome.

It's like that guy who thinks Google is trying to make him miserable. It's a 5 billion $ case right now.

If and when you change your password, will you let us know the name of the film?

I didn't know about this story until you intrigued me to esearch. Yikes! In its turn, this story reminded me of the guy who sued coca-cola because a can he opened did not *fizzle* resulting in "emotional pain" Oo



I thought of that very seriously, considering that this fact brought me a sense of unsafety, but there comes a simple problem: I am extremely bad at memorizing, meaning that I do use only four passwords by memory, all of them distributed among everything I do. Considering that the one on the film is my *main* password, that one I use the most often, I am quite reluctant to just give it up.

_________________

Was the password "p@ssword"?

Nope I am not that simplistic... In case *you* really want to know it, I suppose you can check my IG password for Devant... it's the same... I suppose I can trust you .

_________________

Not that simplistic? You could have fooled me!

All the password stuff for the game is stored encrypted, so I don't know what anybody's is. I figure it's safer that way. Or at least it's the honorable thing to do, right?

Gotcha!



Very wise of you . I was wondering if you use actual encryption or hashing... You know, the former puts ideas in people's minds...

Indeed, considering that you could just call it "my site, my rules" and get away with that little concience thingy, it's trully honorable .

EDIT: How the heck is "consience" or whatever written? Oo

_________________

Stored in a hash but able to be edited by an admin, I would assume? Or are you totally unable to touch them?

Or should I stop prying on this sort of thing

_________________

The churches are empty / The priest has gone home / And we are left standing / Together alone
--October Project: "Dark Time"

Conscience.

I'm just hashing the passwords, but that seemed to obscure the data enough for the purposes of a game site. Besides, why bother stealing the passwords outright when the keylogger that Twilight installs will get me credit cards and bank accounts, too?

Someday, I'm probably going to regret saying that. Someone's going to take it seriously and tell their parents I'm stealing things from their computers, and I'll end up in jail. Sheesh.

As it's in a database, I can of course edit the password, in that I can delete them entirely or put anything else I want into that field. I don't know of any way to convert/extract the current one from the hashed result, but on a couple of occasions when people lost their password I did insert a temporary one for them until they could log in and change it back. For the most part, though, I discourage the losing of passwords because it's a total pain for me, and if I don't know you well enough to trust you I might not feel confident in resetting it.

That's kinda what I figured. For what it's worth, I think there are some tools that can extract a password from a hash, but they're pretty limited (I believe they need to be 'trained', and of course, you need access to the hashes), and I think they don't work over a certain length (as hashes tend to be of a set length, even when the pw is longer than the hash).


Anyway, what you might consider for lost passwords is having an automated system that creates a new password (ie: 4 random numbers and a random letter) to the associated e-mail.

_________________

The churches are empty / The priest has gone home / And we are left standing / Together alone
--October Project: "Dark Time"

Yeah, I know. I've been mostly neglecting administrative stuff like that. I'm sure about two weeks of beta will make me clean it up, what with all the rapscallionish newbies.

Hey, I lost my password, could you reset it and send it to me? Account name is 'Ryme'...

Ryme? Oh, yeah, I totally know you. But then again, I also know where you keep your password. So why don't I just retrieve it and hand it over to you personally?