RANT: Forbidden guest accounts / empty password

User avatar
Wuzzy
Member
 
Posts: 3625
Joined: Mon Sep 24, 2012 15:01
GitHub: Wuzzy2
IRC: Wuzzy
In-game: Wuzzy

RANT: Forbidden guest accounts / empty password

by Wuzzy » Thu Mar 16, 2017 21:41

Rant Mode enabled.

OK, here is something which absolutely annoys me:
Servers which don't let you join with an empty password. And this is freaking common!

This forces me to:
  • Think of a password
  • Memorize it
  • For almost every server seperately
This would be no problem if it would be only once. But I have to do it for almost every server seperately! This is inconvenient as HELL!

I think you server operators need to understand one simple fact: Maybe, just maybe, I just want to quickly peek in random servers and decide which server I like based on how it looks at first glance. But NO! You force me to go through the account registration process before I am even *allowed* to see your server. Just quickly going through random servers is just not possible.

The fact that this practice is common also makes it unneccessarily painful for beginners. Want to join random server? NOPE! The newbie is first bombarded with tons of cryptic error messages. The error message is terrible, by the way. It is not clear at all how the account registration process works. It may sound like you're not allowed to join the server AT ALL.

This anti-feature is so annoying, I even suggest to remove it from Minetest.

It's also terrible Minetest usability. In no point of the account registration process is it made clear THAT YOU ACTUALLY REGISTER AN ACCOUNT on your first login. I don't want to know how many account names have been burned because of a misunderstanding on how this works. What were you core developers thinking when you designed the main menu? :-/

Then there are servers which force you to have a name which matches arbitrary “quality standards” (e.g. names like “Guest123” are forbidden). Or nonsense like “you must not have more than 5 digits in your name”. WTF? What's the point of this? I don't see any. It is just another senseless hurdle to overcome.

Rant Mode disabled.

I think one possible solution to this would be a real guest system. Think of it as a one-time login. As far I know, each first-time login silently (!) creates an account+password, there is no way to prevent this. A guest login would be a login to a server which creates no account. It's just for looking into a server once. When you leave, the player character is gone forever. This would be perfect for just quickly peeking into random servers. Of course, this approach has also usability implications which need to be addressed.
My creations. I gladly accept bitcoins: 17fsUywHxeMHKG41UFfu34F1rAxZcrVoqH
 

User avatar
DS-minetest
Member
 
Posts: 1116
Joined: Thu Jun 19, 2014 19:49
Location: I'm scared that if this is too exact, I will be unable to use my keyboard.
GitHub: DS-Minetest
In-game: DS

Re: RANT: Forbidden guest accounts / empty password

by DS-minetest » Sat Mar 18, 2017 19:01

Much of what you wrote is true.
First join on servers is in minetest meh. So, mostly everything something in short:
  • Name has to have more than a certain amount of letters sometimes. (This is very uncomfortably because this forces you to choose different names on different servers, you always have to type the other name and whoops, there it happened, a second account is born.)
  • Minetest needs a better guest system, delete guest player after first play.
  • Not mentioned but also a problem: At first join, you are only once asked for the password to set.
  • And more, I'm too lazy to write texts like Wuzzy does.
Do not call me -minetest.
Call me DS or DS-minetest.
I am German, so you don't have to pm me English if you are also German.
The background is a lie.
 

User avatar
Wuzzy
Member
 
Posts: 3625
Joined: Mon Sep 24, 2012 15:01
GitHub: Wuzzy2
IRC: Wuzzy
In-game: Wuzzy

Re: RANT: Forbidden guest accounts / empty password

by Wuzzy » Sat Mar 18, 2017 21:05

DS-minetest, you summarized very well what is wrong about the current password system. Thanks.

At first join, you are only once asked for the password to set.

Yes. This causes people to constantly burn account names because of a typo on the “first login” (= silent sneaky registration without warning) and litters servers with useless accounts.

It is pretty much standard practice everywhere to make the user enter the password twice on registration.
Minetest is the odd one. :-(
My creations. I gladly accept bitcoins: 17fsUywHxeMHKG41UFfu34F1rAxZcrVoqH
 

User avatar
TenPlus1
Member
 
Posts: 2625
Joined: Mon Jul 29, 2013 13:38
GitHub: tenplus1

Re: RANT: Forbidden guest accounts / empty password

by TenPlus1 » Sun Mar 19, 2017 07:42

Sorry but I feel that server passwords are a handy feature as it stops other people taking over your account and pretending to be you so they can grief/swear etc. Also if you build something awesome as a guest and try to protect it you would really want a password to stop anyone else claiming your builds and adding a password later.
 

User avatar
Lejo
Member
 
Posts: 636
Joined: Mon Oct 19, 2015 16:32
GitHub: Lejo1
In-game: Lejo

Re: RANT: Forbidden guest accounts / empty password

by Lejo » Sun Mar 19, 2017 10:08

But on some Minigameservers is a password not important there you don't have any buildings.
It's right that a password is important, but not on all servers.
 

User avatar
firefox
Member
 
Posts: 1493
Joined: Wed Jan 14, 2015 07:34
Location: Xanadu
In-game: Red_Fox

Re: RANT: Forbidden guest accounts / empty password

by firefox » Sun Mar 19, 2017 10:35

you could also use the same name and password for all servers :P
it would be the same as having 1 universal login for all servers, so you only need to remember it once.
building inspiration: viewtopic.php?f=3&t=15550 --- my game: viewtopic.php?f=49&t=15860 --- =(^.^)= nyan~
 

User avatar
Wuzzy
Member
 
Posts: 3625
Joined: Mon Sep 24, 2012 15:01
GitHub: Wuzzy2
IRC: Wuzzy
In-game: Wuzzy

Re: RANT: Forbidden guest accounts / empty password

by Wuzzy » Sun Mar 19, 2017 20:52

Sorry but I feel that server passwords are a handy feature as it stops other people taking over your account and pretending to be you so they can grief/swear etc. Also if you build something awesome as a guest and try to protect it you would really want a password to stop anyone else claiming your builds and adding a password later.

Yes, I am completely aware of the security concerns, and they are mostly valid. But your imposter argument has a flaw: Anyone could pretend to be anyone, it's just a question who grabs the account name first. Who says that users have to use the same user name everywhere? But apart from that, it's valid.

But you ignored the particular use case I presented, as well as my proposal for a real guest system.
Guest mode is for quick exploration of many different servers. Guests would not have “real” user names, so they can't use their name for faking an identity. As a guest, you also don't care about your buildings if you did not plan to stay for long anyway.
But of course, a guest must know that he/she is a guest and the progress in the game is only temporary.
Failing to telling that the player would be very stupid.
Serious players could still get a real account afterwards. Just stop *forcing* them to use a password. It makes quick server exploration very tedious. Did you never just want to join random servers?

A different solution would be to make the account registration process less painful. Currently, you are required to maintain an user name + password combination for every single server. This is crazy, nobody can remember all this. And it's also easy to make mistakes and easy to break the rule of never re-using a password.


I kinda have found a workaround for forced passwords: Just create a throwaway account which I'll never use again. Basically like guest accounts. :P

you could also use the same name and password for all servers :P

This is not secure. But I know, it's so tempting!
My creations. I gladly accept bitcoins: 17fsUywHxeMHKG41UFfu34F1rAxZcrVoqH
 

User avatar
srifqi
Member
 
Posts: 556
Joined: Sat Jun 28, 2014 04:31
Location: Indonesia
GitHub: srifqi
IRC: srifqi
In-game: srifqi

Re: RANT: Forbidden guest accounts / empty password

by srifqi » Fri Mar 24, 2017 14:29

I like the idea of having guest account. This means that server storage can be saved (even just in very little amount) and server can increase performance because the guest is only viewing without interaction (idk about chat) and the server doesn't need to be care of player data.

Also, telling player that first time joining is actually registering is good too. Why we don't make login and register as separate distinguishable action rather than silently registering account?

But, having a password on each server seems good for me.
I'm from Indonesia! Saya dari Indonesia!
Terjemahkan Minetest!
Mods by me. Modifikasi oleh saya.

Pronounce my nick as in: es-rifqi (IPA: /es rifˈki/)
 

User avatar
BBmine
Member
 
Posts: 3475
Joined: Sun Jul 12, 2015 22:51
Location: USA
GitHub: BBmine
IRC: BBmine
In-game: Baggins

Re: RANT: Forbidden guest accounts / empty password

by BBmine » Fri Mar 24, 2017 16:06

I agree with firefox. I use this password on all the servers I go to:
+ Spoiler

I know it might not be as secure, but it's worse to forget the password and not be able to get on that server anymore.
 

User avatar
Hybrid Dog
Member
 
Posts: 2719
Joined: Thu Nov 01, 2012 12:46

by Hybrid Dog » Fri Mar 24, 2017 20:23

Minetest uses SRP for authentication:
https://github.com/minetest/minetest/issues/1943

‮‪‮
‮‪‮
‮‪‮
‮‪‮
‮‪‮
‮‪‮
‮‪‮
‮‪‮
‮‪
 


Return to General Discussion



Who is online

Users browsing this forum: No registered users and 22 guests