what games are you playing that save your password? This is pretty freaking standard.

Also nobody will add anything from a post here lol. the only thing you can do that would be LESS effective at getting something in thegame would be to ask your mommy to fix it for you. Seriously go to the actual game site. You know that's a thing right? Steam isn't the developer...

Randy Marsh původně napsal:

what games are you playing that save your password? This is pretty freaking standard.

Also nobody will add anything from a post here lol. the only thing you can do that would be LESS effective at getting something in thegame would be to ask your mommy to fix it for you. Seriously go to the actual game site. You know that's a thing right? Steam isn't the developer...

War thunder has this mechanic

Randy Marsh původně napsal:

what games are you playing that save your password? This is pretty freaking standard.

Also nobody will add anything from a post here lol. the only thing you can do that would be LESS effective at getting something in thegame would be to ask your mommy to fix it for you. Seriously go to the actual game site. You know that's a thing right? Steam isn't the developer...

Rift, Tera, Guild Wars 2, etc. Warframe is one of the few that doesn't.

Kaasahthur původně napsal:

Randy Marsh původně napsal:

what games are you playing that save your password? This is pretty freaking standard.

Also nobody will add anything from a post here lol. the only thing you can do that would be LESS effective at getting something in thegame would be to ask your mommy to fix it for you. Seriously go to the actual game site. You know that's a thing right? Steam isn't the developer...

Rift, Tera, Guild Wars 2, etc. Warframe is one of the few that doesn't.

TERA has never saved my pw that i am aware. The other ones I couldn't say. besides if this is something serious the op needs to post it at the de forum not here where nobody cares lol

Hell NO.One reason to keep remember your password saved on you pc its ( certain format date file) so...When you get trojan or some sort bug from the web or hacker sents you infected email that file is copied sent over web and your acc is gone.

Randy Marsh původně napsal:

Kaasahthur původně napsal:

Rift, Tera, Guild Wars 2, etc. Warframe is one of the few that doesn't.

TERA has never saved my pw that i am aware. The other ones I couldn't say. besides if this is something serious the op needs to post it at the de forum not here where nobody cares lol

It's very true haha I was just giving some examples of what he could be playing.

vmrob původně napsal:

I'm completely new to the game and the first thing I noticed was the lack of password saving mechanism. Not only does having to remember a password reduce overall account security, but it's also inconvenient for players.

I've seen people tend to defend the decision by saying such a mechanism is more secure, the password isn't safe if it's on your computer, that it shouldn't be inconvenient to type in a password, that you should remember your passwords anyways, and other poor excuses, and they are all logically incorrect. The best thing to do here is allow the saving of passwords so people who do care about password security and use unique passwords such as "6Z0f11Mw2pda4HXUHTEyfSJjdBx8ys" aren't inconvenienced by having to open up their password manager every time they play the game.

reduces overall security? what? so if someone can go on and access your account as long as they are on your device is safer? am i missing something here?

Kaasahthur původně napsal:

Randy Marsh původně napsal:

TERA has never saved my pw that i am aware. The other ones I couldn't say. besides if this is something serious the op needs to post it at the de forum not here where nobody cares lol

It's very true haha I was just giving some examples of what he could be playing.

no that's totally cool i dig it, and i was actually kind of wondering. I haven't played GW2 since launch and haven't touched Rift, but i played a few hundred hours of TERA. it's possible i don't even ever save my PW anyway, just my account name

@Prax yeah that's what i was thinking, like then anyone in your house can just log into your account and ♥♥♥♥ things up!

One thing I've seen a game do and I can't even remember which one is you can save your password, but whether you type it in or save it afterwards you still have to do a 4 digit PIN type deal to log-in.

I would have posted it to the forums, but I'm not allowed to create new posts. It's probably due to a new account.

As for the whole "if they have access to your device" thing, that's expected. If they have access to your device, they could install a keylogger, screencap program, or any number of other tools to get your password. If you don't keep your physical machine secure, then there's absolutely nothing that can help you.

On the other hand, password reuse doesn't have to affect your computer. Let's say, that because you can't remember a ton of unique passwords for different accounts and you don't bother with password managers, you use the same password on Warframe as you do another game website such as Gamigo, then once their servers were breached in 2013, your account on warframe could be compromised. Or, let's say you use the same password as you do your email and then warframe's servers are hacked. See where this is going? Password reuse is a really bad idea and enabling people to easily use secure passwords is the absolute right thing to do.

What I'm proposing isn't new, novel, or even an unusual request. As far as passwords, account security, and authentication goes, it's pretty standard. Surely you aren't suggesting that you actually type your password for steam every time you turn on your computer? In my case, not only do I not type it in, but I use a password manager to remember the password for me when I am required to.

If you're *really* concerned about security and think that saving an encrypted version of your password on your computer is bad, it would be pretty trivial for them to include geolocation and device profiling to require your password when you log in from a new location. They could also implement 2 factor so that even if someone does have access to your computer, they can't log in without also having access to your phone or email.

Seriously, this isn't new. As far as the rest of the world is concerned, it's best practice.

I should reiterate: I'm not trying to argue here. I'm suggesting something that's incredibly common (especially outside of games) and is a definitive best practice (password managers, 2 factor auth, unique crypotographically secure passwords).

If you're genuinely interested in understanding why those things are good and why this change would be good, I can provide insight into that, but I can't help it if insults start flying around because that gets us nowhere. Frankly, I just won't be bothered by it. But if you're curious as to how it would increase the overall security of the system, I can certainly provide details.

vmrob původně napsal:

I should reiterate: I'm not trying to argue here. I'm suggesting something that's incredibly common (especially outside of games) and is a definitive best practice (password managers, 2 factor auth, unique crypotographically secure passwords).

If you're genuinely interested in understanding why those things are good and why this change would be good, I can provide insight into that, but I can't help it if insults start flying around because that gets us nowhere. Frankly, I just won't be bothered by it. But if you're curious as to how it would increase the overall security of the system, I can certainly provide details.

not trying to insult you or anything i just don't see the need for it. I have all my passwords on an external HD and i copy/paste them when i log. I don't save my info anywhere, and yes i login to steam when the computer starts up. every single time.

I do this because i have a wide array of passwords, and most of my accounts are protected by my phone number. I share some passwords between different accounts, but none of them are exactly the same, and none of them are my email pw.
Mainly what i don't want, is my room-mates seeing my computer on and loggin into things, OR getting a RAT somewhere and suddenly this jerk is remote-loggin my computer and installing a keystroker. Is there an easier way to do this? Maybe, but it gives me peace of mind.

and that's kinda how i do it lol

@randy it's really great to hear that you're using a password management strategy that doesn't involve memorizing passwords. It is worth knowing that most people do not do that. On a sidenote, if you're managing your passwords in a text file or something similar, I would highly recommend looking at the password manager or some sort of encrypted note text program. I use 1password. Pricey, but my primary platform is Mac and it's the best for that. Free alternative would be lastpass or keepass. Both are very good. Otherwise, I would just say keep up the good work.

vmrob původně napsal:

I would have posted it to the forums, but I'm not allowed to create new posts. It's probably due to a new account.

As for the whole "if they have access to your device" thing, that's expected. If they have access to your device, they could install a keylogger, screencap program, or any number of other tools to get your password. If you don't keep your physical machine secure, then there's absolutely nothing that can help you.

On the other hand, password reuse doesn't have to affect your computer. Let's say, that because you can't remember a ton of unique passwords for different accounts and you don't bother with password managers, you use the same password on Warframe as you do another game website such as Gamigo, then once their servers were breached in 2013, your account on warframe could be compromised. Or, let's say you use the same password as you do your email and then warframe's servers are hacked. See where this is going? Password reuse is a really bad idea and enabling people to easily use secure passwords is the absolute right thing to do.

What I'm proposing isn't new, novel, or even an unusual request. As far as passwords, account security, and authentication goes, it's pretty standard. Surely you aren't suggesting that you actually type your password for steam every time you turn on your computer? In my case, not only do I not type it in, but I use a password manager to remember the password for me when I am required to.

If you're *really* concerned about security and think that saving an encrypted version of your password on your computer is bad, it would be pretty trivial for them to include geolocation and device profiling to require your password when you log in from a new location. They could also implement 2 factor so that even if someone does have access to your computer, they can't log in without also having access to your phone or email.

Seriously, this isn't new. As far as the rest of the world is concerned, it's best practice.

why should they do all that when they are asking for a password? it's much more convenient than phone or email

How to password.

Think of two unrelated words you will remember easily, let's use 'Apple' and 'Chest'. These words will be your base. Every password you have will start with 'applechest'.

Next look at what you're making the password for, let's say its for your bank 'Steam United Bank'. Now take something from that which is easy to remeber and slap it on the end of applechest. How about the first letter of each word or 'sub'.

applechestsub

Now for your Warframe account. How about taking 'frame'.

applechestframe

Now Netflix.

applechestflix

With a method like this every password can be tough to crack individually as it is three totally random words, yet easy to remember because it all follows a similar format.

Anyways, back on topic. MMOs tend to be split pretty evenly on the remember password feature. Some have it and some don't. As to what is more secure... I don't like the idea of having all my passwords in one easy to find file that is often targeted, and my method makes it pretty easy to have "unique" passwords for everything.