Forum Index » Suggestions
Back

Suggestions

Make Flight Rising better by sharing your ideas!
TOPIC | Forgot Password RECOVERY
1 2
@Hyoka

The idea isn't that a person will get your password through your email, it's that they'll get everyone's passwords via the database the site stores them in. Currently, that's impossible, because the site doesn't store the passwords at all- it stores some sort of randomly generated nonsense that is invented. The nonsense isn't just a simple translation, it's completely random, so even if someone got into the database, they wouldn't be able to figure the passwords from it. Essentially, this way of setting things up is nearly 100% safe, while storing the passwords is inherently risky.

If I'm remembering right, after there was a big scare with some other site's database being hacked, FR upped their security because a lot of the users demanded it. Everyone had to make a new password at that time. It think it was then that they added this extra hashing, I don't think it was always how the site worked. Given that they added it post-release, and given that the change was prompted by user demand, I doubt they'd remove it.
Drakel
375
140
750
5061
October 01, 2016 12:35:57
@Hyoka

The idea isn't that a person will get your password through your email, it's that they'll get everyone's passwords via the database the site stores them in. Currently, that's impossible, because the site doesn't store the passwords at all- it stores some sort of randomly generated nonsense that is invented. The nonsense isn't just a simple translation, it's completely random, so even if someone got into the database, they wouldn't be able to figure the passwords from it. Essentially, this way of setting things up is nearly 100% safe, while storing the passwords is inherently risky.

If I'm remembering right, after there was a big scare with some other site's database being hacked, FR upped their security because a lot of the users demanded it. Everyone had to make a new password at that time. It think it was then that they added this extra hashing, I don't think it was always how the site worked. Given that they added it post-release, and given that the change was prompted by user demand, I doubt they'd remove it.
eSzGOae.pngCollector of Sickle Claws
Last edited on Oct 01, 2016 12:36:24 by Drakel
Recovery might be easier for the individual but reset is safer as it prevents a hacker getting everyone's password. I don't want to see the more risky recover password put in instead of the safer reset password
DragonSage
473
207
1130
14657
October 01, 2016 12:57:46
Recovery might be easier for the individual but reset is safer as it prevents a hacker getting everyone's password. I don't want to see the more risky recover password put in instead of the safer reset password
3DS Friend Code: 5300-9941-4980
#UnnamedIsValid .:. Nature Sales Thread .:. Strider Subspecies
@Hyoka

Your inability to remember a password is your own fault. People have already listed the reasons this is a bad idea.
Div3rge
0
62
200
2495
October 01, 2016 14:52:08
@Hyoka

Your inability to remember a password is your own fault. People have already listed the reasons this is a bad idea.
The Unknowable-A Hatchery|Transcendence Leveling Service
knhLXgs.png
1 2