Global Passwords, security, and common sense


Post by JeffM »

It has come to light that there are a number of people out there who are using their forum passwords on old servers that still use the /identify option.

This is not a good thing. Doing so is effectively giving the server owners access to your account. The older system sent passwords in clear text and could be saved in server logs. This is the entire reason we went to a global system, where the game servers do not ever see the password.

Some users have had their accounts compromised due to the fact that they sent out these clear text passwords, or just have stupidly short passwords.

There have been cases of people setting up servers that take local /identify registration JUST TO STEAL PASSWORDS.

Everyone should follow these guidelines.

1) Prefer to use global auth (i.e. logging in from the Join Menu) whenever possible.

2) If you ever have to do a /register or /identify in a game, DO NOT USE YOUR FORUM PASSWORD. Pick a new one. Servers that use those commands where you type stuff into the game are not this system. No server operator will ever need to ask you what your password is. No Forum admin will ever ask you what your password is. We don't ever need to know it. Even if you forget it we can just reset it.

3) If you used an older "auto identify" script or command line, REMOVE IT. You are sending out your password to everyone. Since 2.0 the game has handled its own password. The only place you should ever have to put your forum password is in the page where you set your callsign. The game will save it from then on.

4) Make your passwords be of a decent strength. We recently had someone who had a password of a SINGLE LETTER. This is just stupid.

5) If you are an admin or cop on a server, protect your password. That password can let anyone have your powers. Letting the password out is gross negligence and often results in removal from the server.

If your account is not secured and is used for abuse, then you run the risk of being removed or banned from many servers. Any time we see someone who has an account that appears to be hacked, we will change your password and send you an email, but we can't be held responsible for catching them all. For the safety of the game we will remove, disable, or ban accounts that are used for abuse.

Your account is your responsibility, use it wisely.