Forwarded: Password Guarded Deletion & Timed Deconstruction

[Dead-Eye]

Learn your self, I'm not supposed to teach you.

It's a legit question. What are you on about?

 

[DeletedUser]

It's a legit question. What are you on about?

I know a password cracker... a very horrible person!
I think we should work with a QR reader for all our login endeavors.
Trust no one if he hates someone he’s just relentless.

 

[DeletedUser113235]

Can I assume this means the security issues you raise are just a bad feeling about this in the sense of “hey this is my password I should protect it” or are there any real and rational reasons you are to share?

From the aspect of Security, there might be a problem if just one thing is done incorrectly or if there is a little bug.

How does this password transferred?
Is there any Hashig on my password?
Which process handles this data in the server?

This is just adding more work to the server.

On the other hand, I think that PIN Codes are better than password, because the client can handle them without the server at all.
Just randomize 4 digit number, and ask the user to re-enter the code.

 

[DeletedUser113235]

I know a password cracker... a very horrible person!
I think we should work with a QR reader for all our login endeavors.
Trust no one if he hates someone he’s just relentless.

Password cracker is just a Brute-Force or Dictionary-Attack.

If you have weak password or well-known password and even manipulated well-known password, Then those tool can crack your password within few seconds up to few hours.

Password like: 123456, password321, ForgeOfEmpires1, ILoveCats, FunG4m3, etc.... Are extremely bad.

It also depends on the Hashing Function itself, SHA-256, SHA-512 and more.


5 years ago I played a game that didn't have Encryption at all! He just stored the password as plain text in the Data Base.
Some websites today still do it, and you can figure it out by clicking on "Forgot my password" when login.
If you received your real password on Email, then you should not use this website never!

If you want QR scanner then Forge Of Empires must have Camera Permissions, and you also need to have unbroken camera and redesign all the back-end development so it will fit QRs and not password. Simply use Strong Passwords.

 

[DeletedUser113235]

What security issues?

The way you asked this just shows that you disrespected my reply, and that you think I'm babbling.
Well, this us what you know about security if you think I'm babbling.

Why don't you right away say you do not know and are just babbling?

And that's the prove for it, you just hate everything I say. Well, read the detailed answer above and I hope you will understand "What security issues".

 

[DeletedUser]

When one gains unauthorized access to our account one way or the other I am sure support is to detect this quite fast and acts upon it and on the eventual damage I suppose.
Full proof just doesn’t excist on the Internet.
We are just playing a game I think it is a somewhat too much protective way to go.
I have to confirm my password in particular on the safest sites.
But really full proof idk and this in relation to a game from which support is ultimately keen on things.
I feel this is somewhat too much protective and weary to remain practical.
After all password skimming can be done already if one insists and is devoted to it but I think those who aim for that go for more lucrtive results.

Edit: for spelling sakes

 

[Galladhorn]

A password for this is not that difficult – It only need to protect agaist a rushy and/or a missclick action.
On e.g Netflix a 4 digit code can be set to avoid kids seeing a violent show – Does not need to be a full security advanced password - that is already done by the log-in.

 

[DeletedUser99692]

May I remind you all from Section 1 of Game rules;
Sharing your password with another person is forbidden.
Knowing, storing, or asking passwords for other players’ accounts is forbidden. If another player
sends you their password, you must always report them.

Your password is never on open display within your account so even the scenario of a drunk friend, joker workmate / school mate etc should not happen if this was implemented for GBs only so unless you have shared it there would be no need for concern.

+1 my vote

 

[Agent327]

The way you asked this just shows that you disrespected my reply, and that you think I'm bubbling.
Well, this us what you know about security if you think I'm bubbling.

Babbling, not bubbling. Trust me, the last thing I want to see you do is bubbling. I shiver by the thought.

And that's the prove for it, you just hate everything I say. Well, read the detailed answer above and I hope you will understand "What security issues".

I do not hate everything you say. Just hate that you think that everything you say is very important. It does not matter if you store the passwords in plain text or encrypted in the DB. What matters is that you prevent people from getting there. Encryption doesn't make it safe at all.

 

[DeletedUser113235]

Babbling, not bubbling. Trust me, the last thing I want to see you do is bubbling. I shiver by the thought.


I do not hate everything you say. Just hate that you think that everything you say is very important. It does not matter if you store the passwords in plain text or encrypted in the DB. What matters is that you prevent people from getting there. Encryption doesn't make it safe at all.

lol sorry, fixes the 'u' to 'a'.
Did not noticed that.

And it is important how they stored the passwords.

What if someone hack the DataBase?
Illegal? -Yes.
Impossible? -Of couse not, anything is hackable.

What if there is a bug in the server?

What if just a mad employee opens the Data Base and crack some account cause he can simple see their passwords.



But this thread is not about security, its about preventing deleting GBs.
Use own password for that? -No
Use PIN or anything else withthe concepts? - Yes, no problem.

 

[Emberguard]

What if just a mad employee opens the Data Base and crack some account cause he can simple see their passwords.

I'm sure there's already policies in place in regards to preventing that sort of thing given how thorough they are in other security areas

If it's not about security then it's a moot point as to which method is used in regards to this discussion. Either it's relevant to the topic or it isn't and should be left to the devs to handle. However you've made your point and offered alternative solutions so that should be satisfactory for now.

 

[DeletedUser113901]

A problem with the do not share your password rule is the app (well, Android at least) recalls your login information. It displays the last you tried per default, if the last login information you tried was wrong and you changed languages, it resets to your last right login information. So if I open the app, change language to a random one, change back to the wanted language and hit login, I can login without even having to know nor figure out the password. Is that intended? Is there a way to prevent it?

 

[DeletedUser]

A problem with the do not share your password rule is the app (well, Android at least) recalls your login information. It displays the last you tried per default, if the last login information you tried was wrong and you changed languages, it resets to your last right login information. So if I open the app, change language to a random one, change back to the wanted language and hit login, I can login without even having to know nor figure out the password. Is that intended? Is there a way to prevent it?

A pincode on your mobile.

 

[DeletedUser]

Oh I know something horrible !!!
What if one connects via facebook and has no password at all
That besides from the very sensitive password from FB!

Oh I know people shouldn’t have joined that ridiculous platform at all: I guess they just deserve the pain!

 

[DeletedUser99692]

In that event they can contact support to change their login method and set a password. Same applies to all third party logins should the player wish.

 

[DeletedUser113110]

+1.
Only GBs though. I'd hate to have to enter my password for every single time I replace a building.

 

[DeletedUser108359]

I think a simple "Are you sure you wish to delete this building?" question and you type YES should be more than enough.
+1

 

[FelixPSY375]

+1.
Only GBs though. I'd hate to have to enter my password for every single time I replace a building.

+1 for only GBs
Imagine a gain happiness quest and you build the faces and gates to completed it, but when you complete the quest then you will have to delete them 1 by 1, entering a password every time