Bots and >>>>>>>

Posted by Alert Games on June 23, 2013, 11:56 p.m.

Quote: flashback
This is but the first step in replacing all 64digits staff and members with bots.
Seriously, there should be a site where there's calculated intervals of postings based on some kind of news system where all of the characters fit into a role… Also wasn't there a 64RPG being made? Or something…. I don't come around as often as I used to….

So I had this security idea, and figured before implementing it I'd like your opinion! Woo!!!1 So anyway:

Username: your username

Password: your somewhat complex and long enough password

Pass phrase: what you will need to type in every time, but it can be simple! (NOT stored)

Both password and pass phrase go through a double hash.

a) First is so that it cannot be hacked on your computer or over the wire

b) Second is on the server end, so login attempts cannot be made with the request strings

This has a couple advantages: You won't need to remember your secure and complex password every time, and it is not stored at all so there is no way to grab it unless you have a key logger (in which case I'm not sure how you would NOT be fucked…)

EXPLANATION:

This handles the different tiers of security:

1) The password is stored locally, so people without your password (such as over the internet) can't access your account easily.

2) You'll have to make your password a little more complex to avoid hacking, but you only need to enter it once per profile per device.

3) You will need to remember your simple passphrase, which is NOT stored in the event that something was trying to steal your password. (so malware can't obtain it)

That way your passphrase can be like "steven", and still have a secure entry.

THOUGHTS?

*************************

Also, on a random side-note that I know will be the only discussion on the topic here: What the hell does it mean when a chick writes ">>>>>>>>>" in her tweets? the fuck.
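The login scheme described in the post above, as an added sketch that is not the poster's code. The post names no hash functions, so PBKDF2 and HMAC-SHA-256, the iteration count, and the names `device_secret`, `login_token` and `Server` are assumptions made here, and all sample values are constructed.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor, not from the post

def device_secret(username: str, password: str) -> bytes:
    """Entered once per device: the value kept locally instead of the raw password."""
    salt = b"device:" + username.encode()
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def login_token(stored: bytes, passphrase: str) -> bytes:
    """First hash (client side): mixes the stored secret with the typed,
    never-stored passphrase. This is what travels in the login request."""
    return hmac.new(stored, passphrase.encode(), hashlib.sha256).digest()

class Server:
    def __init__(self):
        self.db = {}  # username -> (salt, verifier)

    @staticmethod
    def _verifier(salt: bytes, token: bytes) -> bytes:
        # Second hash (server side): the database never holds the request value.
        return hashlib.pbkdf2_hmac("sha256", token, salt, ITERATIONS)

    def register(self, username: str, token: bytes) -> None:
        salt = os.urandom(16)
        self.db[username] = (salt, self._verifier(salt, token))

    def login(self, username: str, token: bytes) -> bool:
        record = self.db.get(username)
        if record is None:
            return False
        salt, verifier = record
        return hmac.compare_digest(verifier, self._verifier(salt, token))

def demo() -> dict:
    stored = device_secret("alice", "a long, complex password")  # constructed
    server = Server()
    server.register("alice", login_token(stored, "steven"))
    _, verifier = server.db["alice"]
    return {
        "correct_passphrase": server.login("alice", login_token(stored, "steven")),
        "wrong_passphrase": server.login("alice", login_token(stored, "stephen")),
        "device_secret_alone": server.login("alice", stored),
        "db_value_sent_as_request": server.login("alice", verifier),
    }

if __name__ == "__main__":
    print(demo())
```

The server-side hash only stops a copied database value from being submitted as a login; the token sent in the request is itself what the server accepts, so it still needs transport encryption.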

Comments

F1ak3r 11 years, 5 months ago

Hmm, okay, I had a feeling the password was a per-device thing, but I wasn't sure. It does fit with the convenience-security tradeoff. I can see how it would probably work well as long as you own all the devices, but if you logged in from a public PC (at a webcafe or whatever) or someone else's, it'd store the password hash on that, which maybe isn't so great – but then you could always avoid that with a good old remember me checkbox.

Quote:
FlakerIsAFlakySOaB
Damnit, how did you figure out my password for everything? BRB changing it…

Alert Games 11 years, 5 months ago

@F1ak3r: I do have that right now… I think it will depend on how I design the interface to be simple to use.

@GirlWritesWhat: Haha, nice, but it really depends on circumstance. What women like is being able to be confident, protective, but still a "good guy" otherwise.

sirxemic 11 years, 5 months ago

Quote:
sha1; sha128
lol are you even trying?

In any case, you might just as well leave the "passphrase" out; it doesn't protect you from anyone EXCEPT people who actually use your computer.

Alert Games 11 years, 5 months ago

@sirxemic: Ha, it was an example, but yeah I think it might seem too complex.

sirxemic 11 years, 5 months ago

It's not really complex, it just protects your account at the client-side a bit more than conventional methods, but that's pretty much it. It's like a tad more secure "remember me" feature.

JuurianChi 11 years, 5 months ago

For some reason, this blog consistently shows up twice on the activity bar.

:|

Anyway, I really don't get the point of having a passphrase. If anything, I would just treat it like a secondary password or a simple to use :OHNOIforgotMYREALPasswordBUTTHISONEISEasyTOREMEBER:

and ">>>>>>>" is a social symbol that KKK Wives use to show her Nazi friends what rank their husband is in their Local Branch.

>>>>@>>>> is Grand Wizard.