Security updates to the user system

Monday 13th August, 2012 Comments 0 comments
Posted by Roguey, Global Admin.
Today ive been working improving the security of the user system - not because the system was compromised but for improvement. In the older system, passwords were stored as text in the database. So this meant if someone got through to the database they could potential get everyone's password in one fell swoop. I can only speak for myself, and I don't use the same passwords on different sites however maybe some of you do. So I have to think about the security for everyone - I don't want to cause any problems for anyone else.

So now all passwords are encrypted in the database. This if the unfortunate happened, it would be a lot harder to work out everyone's password. This also means that I don't know anyone's password either. So it's impossible for me to help with that. However two more updates have been done: forgotten password and change password.

The forgotten password function allows you to reset your password with a random password. You will need access to your email account to do so. A random password is shown only once, so remember to write it down before you change page. Then after, change it to something better!

This brings me onto change password function. Whilst this isn't really a new function on the site, its been upgraded to encrypt passwords too. If you do change your password, all old logins from your account will be vetoed. This is good if you think someone has been using your account, all you need to do is change your password.

Hopefully everything should work without any problems - if ive done everything correct.


Comments

Avatar To post comments you need to register and log-in.
⇊ Load more comments ⇊
Hello quest