Jump to content

Support Pasting Password Into Game Login


3 replies to this topic

#1 Aegis Kleais

    Member

  • PipPipPipPipPipPipPipPipPipPip
  • Legendary Founder
  • Legendary Founder
  • 6,003 posts

Posted 14 June 2014 - 06:47 PM

For those who have random characters for passwords (generated by random password generators) it would be nice if the game supported the ability to paste from the clipboard rather than require the password to be put in manually.

Hopefully the user won't have to choose between a secure password and ease of logging in.

#2 Xarian

    Member

  • PipPipPipPipPipPipPip
  • Wrath
  • 997 posts

Posted 14 June 2014 - 09:05 PM

If you're copy-pasting your password: it isn't secure, no matter how random you think it is.

#3 Aegis Kleais

    Member

  • PipPipPipPipPipPipPipPipPipPip
  • Legendary Founder
  • Legendary Founder
  • 6,003 posts

Posted 15 June 2014 - 08:18 AM

That doesn't make any sense. How is copy/paste insecure?
  • I use a tool that creates randomized variable-length password generation, making the password strength as high as possible. Compare this to other users whose passwords can be guessed often enough through social engineering.
  • I use a tool that immediately clears the OS' clipboard after a paste attempt.
  • In the event the PC was compromised with a keylogger, no keys beyond the pressing of the keyboard sequence to copy the encrypted password into the clipboard would be captured. To counter this, latest anti-virus and anti-malware is maintained on the machine. And with the understanding that this isn't a 100% guarantee, it is still putting the user at a better state of protection than to be without it.
  • The application is responsible for encrypted authentication processing, so whether the password was pasted in or typed in manually, from that point forward, it is outside the control of the user.
  • The PC is not only secured physically, but is a single-user machine.
So where, exactly, does the insecurity lie in the above processes?

#4 Adamski

    Member

  • PipPipPipPipPipPipPipPip
  • Mercenary
  • Mercenary
  • 1,071 posts
  • LocationCanada

Posted 15 June 2014 - 04:11 PM

Either the file where you store the passwords is unsecure, or it is vulnerable to the exact same social engineering that standard passwords are.

Not to mention how having all your passwords stored in a file will restrict you to carrying that file with you for mobile access.

But if that is how you choose to spend your time, all the power to you.





2 user(s) are reading this topic

0 members, 2 guests, 0 anonymous users