Rgbstock forum

Passwords


1. micromoth, 27 August 2010, 15:54 GMT +02:00

In the interests of security it's good practice to change one's password from time to time, so today I went to change my RGB account password... only to find that I can't work out how to do it! Can someone (Lennie?) please enlighten me?

2. lennie, 27 August 2010, 16:47 GMT +02:00

Hi Kevin,

Yes, they say you should change your password from time to time, but that is just if you use it to log in. But currently when you visit this site again it will automatically log you in based on a cookie.

If you think someone possibly would try to guess your password then it would be good to change it frequently. But possibly that person has the same cookie anyway, after the first login, so I doubt it would help.

You can change your password in your profile, http://www.rgbstock.com/profile or from your own user-page (there is an edit my profile link).

There is no way to retrieve the password from our system because we don't store any passwords, just a 'one way hash'.

Sadly we don't have a way to change the cookie yet, not even indirectly (by logging out or changing your password for example).

If we did build this in it would be a bit annoying though, if you have let's say 2 computers and we would automatically change the cookie for the browser on one computer, the other computer would also automatically be logged out.

Then again, maybe this is what you want, if we had a way to change the cookie. Maybe it should be connected to the changing of the password?

If you are somewhere, for example at a friend's, and you want to show something and need to log in. A logout will throw away the cookie from that browser, so that will at least solve that. I would be more worried about a 'key logger' though.

One way to protect a cookie would be to use https. We don't use https ('lock' in the browser) because it wouldn't matter much if things like cookies would be sufficient for someone to get in your account.

Or we would need to use https for the whole site, but that would slow down the loading of the site and images. And many ad-networks, etc. don't support https I think.

To recap, if someone gets your cookie, that would be bad. But your password is probably pretty safe.

3. micromoth, 27 August 2010, 19:37 GMT +02:00

Thanks Lennie, your explanation is most helpful. I will change my password, but I take your point about the cookie.

4. lennie, 28 August 2010, 0:16 GMT +02:00

Sorry for the long comment. :-0

Anyway, I added some code. When you change the password, the cookie changes too.

Tip of the day: careful with wireless
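
As an added example (not part of the post above and not Rgbstock's actual code), one way to tie the login cookie to a password change as discussed in this thread: the password is stored only as a salted one-way hash, and the cookie is an HMAC over a per-account nonce that is replaced when the password changes. `SERVER_KEY`, `USERS` and all function names are assumptions made for this example.

```python
import hashlib, hmac, secrets

SERVER_KEY = secrets.token_bytes(32)  # assumed server-side secret, never sent to browsers
USERS = {}                            # constructed in-memory stand-in for the user table

def _pw_hash(password, salt):
    # One-way hash: the stored value cannot be turned back into the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def _cookie_for(name):
    # Same value on every browser of the account until the nonce is replaced.
    msg = name.encode() + b"|" + USERS[name]["nonce"]
    return name + ":" + hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def register(name, password):
    salt = secrets.token_bytes(16)
    USERS[name] = {"salt": salt, "pw_hash": _pw_hash(password, salt),
                   "nonce": secrets.token_bytes(16)}

def login(name, password):
    user = USERS.get(name)
    if user is None:
        return None
    if not hmac.compare_digest(user["pw_hash"], _pw_hash(password, user["salt"])):
        return None
    return _cookie_for(name)

def check_cookie(cookie):
    # Returns the account name for a valid cookie, otherwise None.
    name, _, _ = cookie.rpartition(":")
    if name not in USERS:
        return None
    expected = _cookie_for(name)
    return name if hmac.compare_digest(cookie.encode(), expected.encode()) else None

def change_password(name, old, new):
    if login(name, old) is None:
        return None
    user = USERS[name]
    user["salt"] = secrets.token_bytes(16)
    user["pw_hash"] = _pw_hash(new, user["salt"])
    user["nonce"] = secrets.token_bytes(16)  # every previously issued cookie stops validating
    return _cookie_for(name)                 # fresh cookie for the browser that made the change
```

Because the cookie is shared per account in this design, changing the password logs out every other browser, which is the trade-off raised earlier in the thread.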

5. fishmonk, 28 August 2010, 20:56 GMT +02:00

Would you care to explain your cryptic tip, Lennie?

6. lennie, 29 August 2010, 0:00 GMT +02:00

Sorry, maybe I should explain.

If you want to do 'sensitive' things, like online banking, you should keep a close eye on your browser-bar so it says it has 'the lock' (any site which has a 'green bar', should have it at all times).

Anything else which doesn't have locks (httpS:// instead of http:// ) and is kinda sensitive, I would recommend not to use wireless at all (I especially mean wifi).

WPA2 is kinda ok, but not perfect either.

Tip of the second day: make a bookmark of the site with 'https' (with the lock), so you don't visit the http-site at all. It usually is a redirect, but to make sure you get a warning that it isn't the real site you should visit the https-site directly.

7. fishmonk, 29 August 2010, 10:46 GMT +02:00

thank you!
