PDA

View Full Version : Forgot the password


FiFo
5 Sep 2007, 18:18
i just entered a random password, and now i don't remember it
HEEEEEEEEEEEEEEELP

parsley
5 Sep 2007, 19:40
Oh schist! (Sometimes, the profanity filter really, really, funks me off, load of parse that it is).

I'm sorry, but you've probably lost everything.

Worms PSP has seriously heavy-weight security. For a start, this means that no-one can tell you your password if you forget it. Note that this is not I won't but I can't: no-one has a record of your password, it doesn't exist in the system.

As with all serious security, the easiest way to crack it is by using human factors... and I'm one of them (with certain access to the database, I'm a huge risk).

But, as I said, Worms PSP has seriously heavy-weight security: this means that the system is protected (as best it can) against a malicious-me.

If I could reset passwords, then the easiest way to hijack someone else's account would be to ask me to change the password and hand it over. However, there's no way for you to prove that the account in question actually belongs to you. Note that I don't disbelieve you, I'm sure this is a genuine plea for help, but that's the difference between confidence and security: I'm confident that you're being honest, but the system requires proof.

Unfortunately, I can't reset your password (thus protecting all of you from malicious-me), nor can I delete your account so that, at least, you could re-use your chosen online name.

I'm really sorry and I hope you haven't lost too much.

If you've uploaded flags or levels, there's a small chance that I can retrieve them for you so please PM your account name to me and I'll see what I can do.

Finally (and uselessly, in context), there's a "Save Password" option in your profile.

enigma_0Z
5 Sep 2007, 19:55
Oh schist! (Sometimes, the profanity filter really, really, funks me off, load of parse that it is).

I'm sorry, but you've probably lost everything.

Worms PSP has seriously heavy-weight security. For a start, this means that no-one can tell you your password if you forget it. Note that this is not I won't but I can't: no-one has a record of your password, it doesn't exist in the system.

As with all serious security, the easiest way to crack it is by using human factors... and I'm one of them (with certain access to the database, I'm a huge risk).

But, as I said, Worms PSP has seriously heavy-weight security: this means that the system is protected (as best it can) against a malicious-me.

If I could reset passwords, then the easiest way to hijack someone else's account would be to ask me to change the password and hand it over. However, there's no way for you to prove that the account in question actually belongs to you. Note that I don't disbelieve you, I'm sure this is a genuine plea for help, but that's the difference between confidence and security: I'm confident that you're being honest, but the system requires proof.

Unfortunately, I can't reset your password (thus protecting all of you from malicious-me), nor can I delete your account so that, at least, you could re-use your chosen online name.

I'm really sorry and I hope you haven't lost too much.

If you've uploaded flags or levels, there's a small chance that I can retrieve them for you so please PM your account name to me and I'll see what I can do.

Finally (and uselessly, in context), there's a "Save Password" option in your profile.

(pardon me if I am interrupting or butting in, but I'm majoring in Computer Security and I find discussions of this nature interesting...)

... The person only has one post on the forum, he may be talking about his forum account...

And with regards to the forum account rather than the PSP account, there should be a "I lost my password" link to correct the issue, or an e-mail from the account e-mail address should be identity confirmation enough to reset the forum account...

... as far as the PSP account... (and forgive me as I don't know how it works)...

but couldn't he provide a serial or ID (maybe akin to the DS's WFC ID) of some sort along with an account username that proves that he has the PSP that the account belongs to? If I understand your response correctly, the reason you (as T17 staff) cannot reset his password/account is a lack of identity proof, right?

(oh yeah, and sorry FiFo, if you are really a she... stupid English pronouns...)

FiFo
5 Sep 2007, 19:58
I''m a he
i lost the password of the psp version
and i can't imagine that there's no solution for this!!!

Squirminator2k
5 Sep 2007, 21:24
It appears there isn't a solution. Pick a memorable password next time, or write down what you choose. Passwords are there for security purposes, so keep yours secure.

parsley
6 Sep 2007, 09:32
(pardon me if I am interrupting or butting in, but I'm majoring in Computer Security and I find discussions of this nature interesting...)

... The person only has one post on the forum, he may be talking about his forum account...

And with regards to the forum account rather than the PSP account, there should be a "I lost my password" link to correct the issue, or an e-mail from the account e-mail address should be identity confirmation enough to reset the forum account...

... as far as the PSP account... (and forgive me as I don't know how it works)...

but couldn't he provide a serial or ID (maybe akin to the DS's WFC ID) of some sort along with an account username that proves that he has the PSP that the account belongs to? If I understand your response correctly, the reason you (as T17 staff) cannot reset his password/account is a lack of identity proof, right?

(oh yeah, and sorry FiFo, if you are really a she... stupid English pronouns...)

No worries :D bit of a cryptography geek myself (particularly electronic election machines: the current systems are a masterclass in how not to do it).

Ah... I had interpreted his post as referring to his PSP password, what with it being in the WoW2 thread and all that, but maybe it's not.

Forum passwords are another thing entirely: if he's lost his forum password, then he should click on the "Forgot your password?" (or somesuch) link on the forum and it's all automatic from there. (You'd think that, from the number of times I've had to do it myself, I'd remember where it was and what it's called.)

Online passwords: If it were merely lack of proof, I'd have asked him to PM me with the required details: there's a lot that he could do to demonstrate the link between his forum persona and his online persona (last date logged in? account creation date? who's on his friends list? All of these are difficult to forge and aren't public knowledge but I can see them). However, verifying these data would take a an awfully long time... multiplied by all the others who are going to forget their passwords.

Nonetheless, I'd do it if I could.

But if I had the power, then *I* am the weakest link in the security chain and, as I have no reason to have that access, I don't have it (I can list the accounts but cannot modify them in any way). Minimum access rights and all that. In fact, as no-one at T17 has that access.

All I may be able to do is copy his uploaded data to his new account (and I'm not entirely sure I can do that: we're in 'here be dragons' territory now).

P.S. In English, if the gender of the person is unknown, then the masculine form of the pronoun should be used so if he were female, your pronouns would still have been correct.

enigma_0Z
8 Sep 2007, 00:40
Online passwords: If it were merely lack of proof, I'd have asked him to PM me with the required details: there's a lot that he could do to demonstrate the link between his forum persona and his online persona (last date logged in? account creation date? who's on his friends list? All of these are difficult to forge and aren't public knowledge but I can see them). However, verifying these data would take a an awfully long time... multiplied by all the others who are going to forget their passwords.

True...

Nonetheless, I'd do it if I could.

But if I had the power, then *I* am the weakest link in the security chain and, as I have no reason to have that access, I don't have it (I can list the accounts but cannot modify them in any way). Minimum access rights and all that. In fact, as no-one at T17 has that access.

Of course :rolleyes:, I know how that is...

All I may be able to do is copy his uploaded data to his new account (and I'm not entirely sure I can do that: we're in 'here be dragons' territory now).

You probably cannot, as modify record access can include create record access, depending on what DBMS you are using...

P.S. In English, if the gender of the person is unknown, then the masculine form of the pronoun should be used so if he were female, your pronouns would still have been correct.

LOL, my college teachers seem to think different, but what you said is what I tend to agree with... According to them it's proper to use phrases such as "him or her", but in my experience this becomes cumbersome... and the word "their" really doesn't work very well.

Anyway, thanks... Any ideas why there's not a similar "forgot my password" function for the PSP?

JammyAH
8 Sep 2007, 14:14
This doesn't help too much, but...

I am English, and I try to use "their" if the sex is unknown. Problem is, in some context, I end up saying "it". Which of course is terrible.

I'm not even sure this post makes sense... says a lot for our schools, doesn't it?

enigma_0Z
8 Sep 2007, 14:48
This doesn't help too much, but...

I am English, and I try to use "their" if the sex is unknown. Problem is, in some context, I end up saying "it". Which of course is terrible.

I'm not even sure this post makes sense... says a lot for our schools, doesn't it?

Yeah, that's technically improper to use "their" under any circumstances... Before all of the political correctness nonsens that filled the world, the person was referred to as "he" if the speaker did not know, now--according to my college teachers--is is proper to say "He or she" "him or her", or avoid using pronouns all together, as in "the person" "the player"...

But I digress, most people use they and their, which by the way is improper because you are referring to a single person... I find it odd sounding and annoying to use.

Cyclaws
8 Sep 2007, 15:40
Forgive me for being possibly sexist, but the majority of gamers in this world are male. I will presume the person is male unless they have said otherwise or its plainly obvious that they are female.

parsley
10 Sep 2007, 10:59
I am English, and I try to use "their" if the sex is unknown. Problem is, in some context, I end up saying "it". Which of course is terrible.
Ouch! and Lol

parsley
10 Sep 2007, 11:02
You probably cannot, as modify record access can include create record access, depending on what DBMS you are using...
I now know I can. (The question is which DBMS... there's at least two, the authentication DBMS and the LSG DBMS, I can't fiddle with the authentication, but have a fairly free hand with the LSG.)

Anyway, thanks... Any ideas why there's not a similar "forgot my password" function for the PSP?
There's no way of verifying that the user requesting the password is the owner of the account.

Their is, however, a "Save my password option."

Paul.Power
10 Sep 2007, 11:25
Alternatively, try and remember your password.

Slick
10 Sep 2007, 14:00
You mean there isn't any way to erase all saved data on your game, making it possible to sign up online again?

Fricken' bummer. Should'a got the DS version. :rolleyes:

parsley
10 Sep 2007, 15:54
Should'a remembered one's password, surely?

You can always sign up using a different account name.

enigma_0Z
10 Sep 2007, 16:37
Alternatively, try and remember your password.

Hahahahahaha...

Thanks for the good laugh, but this does usually work! :p

TorpedoNut
30 Sep 2007, 14:19
On the PSP version, there really should be an option to Auto-save your password BEFORE you enter it.

Somebody dropped the ball on this one. End of story.

Squirminator2k
30 Sep 2007, 19:24
One could argue that you have dropped the ball by forgetting your password.

parsley
30 Sep 2007, 19:33
On the PSP version, there really should be an option to Auto-save your password BEFORE you enter it.

Somebody dropped the ball on this one. End of story.

There is .