Staredit Network

Staredit Network -> Website Feedback, Bugs & Discussion -> New Security Measures
Posted by Yoshi da Sniper on 2003-09-21 at 21:49:55
Want a forum for this?
Posted by BeeR_KeG on 2004-10-10 at 17:54:48
Aight, as some of you know, some dude stole Bolt's account and I have an idea to make it a bit safer.

IP Address Log in.

1) Make it so that it is a requirement to log in with the IP address that you usually log in from (i.e. house). This will require the same IP and the password.

Some people use multiple IPs or computers. Make it so that they can have a list of commonly used IPs and they could log on with any of those.

Now if someone is going to use a different IP than the ones in the common IPs for that user, have them e-mail Yoshi or send him a PM before logging in on a new computer. That way Yoshi will allow the account to log in with the new IP.

2) Another method would be to use multiple passwords. 1 password would be your every day password. When you log in with a new IP you will be required to put in the second password or answer a set of questions and answers that you submitted. If gotten right then the SEN will let you in with the new IP.

Combinations can also be used.
Posted by Staredit.Net Essence on 2004-10-10 at 17:58:01
It's honestly your problem if your password is easy to guess or find...

Much more work for Yoshi also.
Posted by Yoshi da Sniper on 2004-10-10 at 18:50:58
IP address login won't work. Some ISPs have dynamic IPs, or change them without warning.

However, I will be putting something in for the future to combat password guessing. It will be optional, but the forums will ask you a question (that you input beforehand in your usercp) that only you know the answer to. The answer must be filled in correctly and your password must also be correct for you to log in.
Posted by DT_Battlekruser on 2004-10-10 at 18:52:50
My pass is a bunch of gibberish I manage to magically remember. I'm not worried.
Posted by SaLaCiouS(U) on 2004-10-10 at 18:54:54
This would be better if Bolt came on so we could ask him if his password was something dumb like his name.
Posted by Yoshi da Sniper on 2004-10-10 at 19:05:27
QUOTE(DT_Battlekruser @ Oct 10 2004, 06:52 PM)
My pass is a bunch of gibberish I manage to magically remember. I'm not worried.

If you use it in more than one place than here, you should be worried. All someone has to do is take advantage of an unsecure password system elsewhere, and they have your account here too.

I've had hacker friends try to damage SEN. They failed to do so.
Posted by Felagund on 2004-10-10 at 19:12:18
This is why Yoshi is God. I'm not worried about getting screwed up here!
Posted by ZetaDragon on 2004-10-14 at 21:31:30
SWEET!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! staredit is back WOOT!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Posted by DT_Battlekruser on 2004-10-14 at 21:32:33
This is not where you post such spam.

Every day I wish I had the power to move topics, delete posts...
Posted by BSTRhino on 2004-10-15 at 07:48:40
Keeping your password concealed should be all that is necessary.

QUOTE(Yoshi)
If you use it in more than one place than here, you should be worried.

Yeah, I agree, if you keep that in mind, everything should be fine.

I'm not sure how Invision does its password handling, but you'd think it'd be good enough so if you see the encrypted password in the database you couldn't take it, copy it into your cookies and log in as that person.

I don't know if I need to bother with typing this up, but the safest way is to have the passwords in the database encrypted two (or more) times with some one-way encryption/hashing function like md5. When you type in your password in the webpage to log in, it's encrypted once and that is set as your cookie.

In the database, your password would be encrypted twice, and so to check it, the page would take the password in the cookie, encrypt a second time, and then compare that to the database.

This is secure because even if someone does have access to the password database, they would only be able to see the passwords encrypted twice, and so they can't log in or spoof cookies since they wouldn't be able to work out what the string for the password encrypted once would be.

Although, I would presume Invision would be clever enough to know this. But who knows, you might as well check how the passwords are handled if you've got nothing to do.
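
Added example, not part of the original posts and not Invision's code: the double-hash cookie check BSTRhino describes, next to a salted-KDF password store with a random session token for comparison. The function names, the PBKDF2 round count and the in-memory session store are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 200_000  # assumption: example work factor, not a recommendation from the thread

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()

# Scheme from the post: cookie = md5(password), database = md5(md5(password)).
def double_md5_db_value(password: str) -> str:
    return md5_hex(md5_hex(password))

def double_md5_cookie(password: str) -> str:
    return md5_hex(password)

def double_md5_check(cookie: str, db_value: str) -> bool:
    # Hash the cookie once more and compare it with the stored value.
    return hmac.compare_digest(md5_hex(cookie), db_value)

# Comparison variant: per-user salt and a slow KDF for the stored password,
# plus a random session token (unrelated to the password) for the cookie.
def kdf_register(password: str) -> tuple[bytes, bytes]:
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def kdf_check(password: str, salt: bytes, stored: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, stored)

def issue_session(sessions: dict, user: str) -> str:
    token = secrets.token_urlsafe(32)
    # Only a hash of the token is kept server-side, so a copy of the
    # session table does not contain a usable cookie (same idea as the post).
    sessions[hashlib.sha256(token.encode()).hexdigest()] = user
    return token

def check_session(sessions: dict, token: str):
    return sessions.get(hashlib.sha256(token.encode()).hexdigest())

def revoke_session(sessions: dict, token: str) -> None:
    sessions.pop(hashlib.sha256(token.encode()).hexdigest(), None)
```

In the first scheme the cookie is identical on every login and stays valid until the password changes, and equal passwords produce equal database values; in the second, each login gets a fresh token that can be revoked on its own.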
Posted by BeeR_KeG on 2004-10-16 at 15:28:38
A little late but...

I have 5 passwords.

4 are important, 1 isn't.

4 are for BW, D2LOD, Wc3 and SEN; they are all gibberish that I remember.
The fourth one is just a password for unimportant things.

Anyways, I think this topic should now be closed since Yoshi was the one trying to do this project (unless isolated wants to keep up with this).
Posted by Screwed on 2004-10-17 at 03:34:50
I have certain passwords I use for everything.
Posted by .Coko[CK] on 2004-10-17 at 14:50:33
All my passwords link to something funny I see in everyday life; they are normally around 10 characters long, or more...
Posted by Mini Moose 2707 on 2004-10-17 at 15:11:46
Yes, everyone has their own passwords and how they use them. Congratulations.

» Topic Locked