Forum QuickConnect Best way of remembering username/password for simple users

Discussion and help relating to PlayerIO's QuickConnect feature, including Facebook Connect and Kongregate Connect.

Best way of remembering username/password for simple users

Postby Sandhesten » April 28th, 2011, 7:15 pm

I would like to provide the typical "Remember me" checkbox, that the user can tick when logging in as a simple user, so he doesn't have to type in username and password every time.

With Facebook users we get the access_token, which can be used to subsequently login returning users, but for simple users it requires username and password for logging in.

I know that I could just grab username and password from the login text fields and save them to a local shared object for the next time, but I don't feel that it is a very elegant, let alone secure, way of solving this.

Any ideas?
Sandhesten
Paid Member
 
Posts: 6
Joined: June 15th, 2010, 8:00 pm

Re: Best way of remembering username/password for simple users

Postby Benjaminsen » April 29th, 2011, 10:28 am

Remember me relies on you storing some auth information on the local computer. Storing a hash is pretty much as insecure as storing username and password. So typically I would just store username and password in a local shared object.

There is some argument to be made that thats bad behavior as other users would then be able to steal users credentials, and we all know how often users reuse their passwords. A simple way to get around this is to MD5 or similar the passwords before sending them to quickconnect.

IE. The passwords send to Player.IO would then always be hashed. This does however break the recover-password mechanism thus it's not optimal.

/Chris
Benjaminsen
.IO
 
Posts: 1444
Joined: January 12th, 2010, 11:54 am
Location: Denmark

Re: Best way of remembering username/password for simple use

Postby wgfunstorm » September 3rd, 2012, 4:40 pm

Bumping this thread since it's 1 year old and I have the same question.

Has anything changed? I definitely don't want to save the actual password locally, so I want to hash it, but then again not providing any way to reset the password is also a no-no.

The way I see my options right now in order of preference:
1) Not an option because I can't do it: Save hashed password locally and provide some way to reset the password :cry:
2) Don't remember users :cry:
3) Not an option because it's a terrible user experience: hash passwords locally without a way to reset passwords :cry:
3) Not an option because it's terribly insecure: save actual passwords locally :cry:

Seems there is no good option unless somebody has an idea or something has changed...
wgfunstorm
 
Posts: 16
Joined: January 21st, 2012, 4:10 pm

Re: Best way of remembering username/password for simple use

Postby jgold » November 23rd, 2012, 4:07 pm

How about just remembering the username in a shared object? Not quite what you want, but just auto-filling the username would shorten the process at least.
jgold
Paid Member
 
Posts: 10
Joined: November 20th, 2012, 8:14 pm

Re: Best way of remembering username/password for simple use

Postby TharosTheDragon » March 22nd, 2013, 8:30 am

I'm sorry, I'm confused. Why is it insecure to save passwords locally? Are we just talking about it being stolen by other people using that computer, or are you saying there's some way for remote users to get the information when Flash saves a local shared object? If it's just a shared computer issue, isn't it pretty common practice to not save passwords when you're not using your own personal computer?
TharosTheDragon
 
Posts: 17
Joined: February 6th, 2013, 7:56 am


Return to QuickConnect