Discussion and help relating to PlayerIO's QuickConnect feature, including Facebook Connect and Kongregate Connect.

User Password Reset

Post by hyperion51 » January 26th, 2018, 1:53 am

I just put in Simple Users authentication for my game, but my login form is missing a rather important industry staple: password recovery. Does PlayerIO really not support this essential feature?

I notice that it's possible for me to change a user's password manually via the QuickConnect control panel, but it would look very amateurish if my password recovery protocol is "send me a tweet and we'll figure it out." Obviously I can't release like this.

What do devs using PIO usually do when they need this feature in order to not look like idiots? I wouldn't even know where to get started on making my own authentication system. Am I supposed to host my own database on a server somewhere? If I need to host things myself, why would I be using PlayerIO at all instead of some open source framework? A Linode gets me 1TB traffic for $5, which you would charge hundreds for...
hyperion51
 
Posts: 17
Joined: June 29th, 2017, 3:52 pm

Re: User Password Reset

Post by hyperion51 » January 29th, 2018, 2:15 am

Never mind, I found it in the QuickConnect API. I was thrown off by the SimpleUsers page stating that "this data cannot be changed after registration, and cannot be accessed through the client libraries", not realizing that was referring only to the additional data, not the password mentioned earlier in that paragraph.

I also apologize for my tone. I will endeavor to be less judgmental in the future.
hyperion51
 
Posts: 17
Joined: June 29th, 2017, 3:52 pm

Re: User Password Reset

Post by robscherer123 » January 29th, 2018, 5:58 pm

Wait, is there a way for a user to change their password? What you've mentioned has been a super big issue for me. Users not being able to change their password is a very essential thing. I've mentioned it before but still no word. =/

I know that users can change their password via an email they have linked, but if a user did not sign up with an email, or entered a fake email address, etc., then there is still no way for them to change their password, which is a critical account feature. Up to this point users have to email me personally to have their password reset, which is extremely inefficient.
robscherer123
Paid Member
 
Posts: 304
Joined: December 12th, 2012, 8:46 pm

Re: User Password Reset

Post by hyperion51 » January 29th, 2018, 8:35 pm

You're right, the password reset functionality in PIO definitely requires a valid email. I'm not too concerned, though, since that's how it works for every app as far as I can see. The solution is always "call customer service and change the email".

Doesn't this pose something of a security risk, though? If a guy doesn't have the password or the email to his account, how do you even know he's the guy who opened it?
hyperion51
 
Posts: 17
Joined: June 29th, 2017, 3:52 pm

Re: User Password Reset

Post by robscherer123 » January 29th, 2018, 9:06 pm

Having an email helps but also if your game doesn't REQUIRE an email, then any users who signed up without one are completely screwed if they need to change their password. You could always make an email mandatory, but then that lengthens the sign up process and also discourages those who might not have an email or don't want to enter an email just to play a game.

Also, users who no longer have access to their email, or whose email has been compromised have no way to change their password or the email associated with it.

The route I currently have to take is to have users either send me a screenshot of their account logged in or tell me their current password and I can verify by trying to log into their account. The latter of which is pretty unprofessional.

The whole thing could be fixed very simply I would think. Just implement the following methods (or at the very least the ChangeEmail method). Both would be called after a player has already been authenticated.

Code:
PlayerIO.QuickConnect.ChangePassword("newPasswordHere", "verifyOldPassHere");

PlayerIO.QuickConnect.ChangeEmail("newEmailHere", "verifyOldPassHere");
robscherer123
Paid Member
 
Posts: 304
Joined: December 12th, 2012, 8:46 pm
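
The flow proposed in the post above (an already authenticated user must supply the current password again before the password or email is changed), as an added sketch that is not part of the original thread and is not PlayerIO's API. The `AccountStore` class, its method names, the PBKDF2 work factor and the 8-character minimum are assumptions made for the example.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumption: work factor picked for this sketch
MIN_PASSWORD_LENGTH = 8      # assumption: policy picked for this sketch


def _hash_password(password, salt):
    # Salted, slow hash so the store never holds the plaintext password.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class AccountStore:
    """Hypothetical in-memory user store; not PlayerIO's QuickConnect API."""

    def __init__(self):
        self._users = {}  # username -> {"salt": bytes, "hash": bytes, "email": str or None}

    def register(self, username, password, email=None):
        salt = os.urandom(16)
        self._users[username] = {"salt": salt, "hash": _hash_password(password, salt), "email": email}

    def verify_password(self, username, password):
        user = self._users.get(username)
        if user is None:
            return False
        # Constant-time comparison of the derived hashes.
        return hmac.compare_digest(_hash_password(password, user["salt"]), user["hash"])

    def change_password(self, username, new_password, old_password):
        # Re-verify the current password even inside an authenticated session,
        # so a borrowed or unattended session alone cannot take over the account.
        if not self.verify_password(username, old_password):
            return False
        if len(new_password) < MIN_PASSWORD_LENGTH or new_password == old_password:
            return False
        user = self._users[username]
        user["salt"] = os.urandom(16)  # fresh salt for every new password
        user["hash"] = _hash_password(new_password, user["salt"])
        return True

    def change_email(self, username, new_email, old_password):
        # The email is the recovery channel, so it gets the same re-verification.
        if not self.verify_password(username, old_password) or "@" not in new_email:
            return False
        self._users[username]["email"] = new_email
        return True

    def email_of(self, username):
        return self._users[username]["email"]
```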

Re: User Password Reset

Post by hyperion51 » January 30th, 2018, 12:18 am

If the person knows their password, what's the problem? Sure, I guess the ability to change (not recover) passwords and emails would be nice, but that's not something people do often, is it? In any case it still wouldn't solve (what I assume to be) your core problem of users without valid emails being unable to recover a forgotten password.

In any case you can definitely verify a user's password without logging in, using the QuickConnect listing on your dashboard. Isn't that what you're already using to effect the change once you've confirmed the user's identity?

Also, if you absolutely have to lower the bar for entry to the point where you don't even want to ask for a valid email, why not include a default guest mode that doesn't require a login at all but assigns a GUID instead of a username?
hyperion51
 
Posts: 17
Joined: June 29th, 2017, 3:52 pm

Re: User Password Reset

Post by robscherer123 » January 30th, 2018, 4:24 am

Well usually what happens in my case is a user is playing my game and "his friend saw him type his password", or "I gave my password out to my friend and now I need it changed because I don't trust him", or "I created a very easy to guess password, but now that my account is high level and has many valuable items on it I want to make sure my password is secure". Or many other cases. While it's most definitely a mistake on some of those players' end, it's still a pretty needed feature to be able for the user to change their password in that case.

Hmm, unless I am missing something super obvious then I don't think there's any way for me to verify a user's password via the QuickConnect panel, is there? I can change passwords there but I can't check/verify existing ones. The only way to do that would be to log in in-game.

Yea, I could and probably will create GUIDs in the future, but I still think changing passwords for users is a pretty needed thing.
robscherer123
Paid Member
 
Posts: 304
Joined: December 12th, 2012, 8:46 pm

Re: User Password Reset

Post by hyperion51 » January 30th, 2018, 5:19 am

Nope, I'm the one who missed the obvious - the QuickConnect panel indeed never displays passwords. That was sloppy of me.

Still, users would be able to change their passwords themselves as long as they have valid emails; meaning the easiest way for PIO to solve the problem would be to add the ability to update an account's email via API, right?
hyperion51
 
Posts: 17
Joined: June 29th, 2017, 3:52 pm

