RANT: Forbidden guest accounts / empty password

[Wuzzy]

Rant Mode enabled.

OK, here is something which absolutely annoys me:
Servers which don't let you join with an empty password. And this is freaking common!

This forces me to:

• Think of a password
• Memorize it
• For almost every server seperately

This would be no problem if it would be only once. But I have to do it for almost every server seperately! This is inconvenient as HELL!

I think you server operators need to understand one simple fact: Maybe, just maybe, I just want to quickly peek in random servers and decide which server I like based on how it looks at first glance. But NO! You force me to go through the account registration process before I am even *allowed* to see your server. Just quickly going through random servers is just not possible.

The fact that this practice is common also makes it unneccessarily painful for beginners. Want to join random server? NOPE! The newbie is first bombarded with tons of cryptic error messages. The error message is terrible, by the way. It is not clear at all how the account registration process works. It may sound like you're not allowed to join the server AT ALL.

This anti-feature is so annoying, I even suggest to remove it from Minetest.

It's also terrible Minetest usability. In no point of the account registration process is it made clear THAT YOU ACTUALLY REGISTER AN ACCOUNT on your first login. I don't want to know how many account names have been burned because of a misunderstanding on how this works. What were you core developers thinking when you designed the main menu? :-/

Then there are servers which force you to have a name which matches arbitrary “quality standards” (e.g. names like “Guest123” are forbidden). Or nonsense like “you must not have more than 5 digits in your name”. WTF? What's the point of this? I don't see any. It is just another senseless hurdle to overcome.

Rant Mode disabled.

I think one possible solution to this would be a real guest system. Think of it as a one-time login. As far I know, each first-time login silently (!) creates an account+password, there is no way to prevent this. A guest login would be a login to a server which creates no account. It's just for looking into a server once. When you leave, the player character is gone forever. This would be perfect for just quickly peeking into random servers. Of course, this approach has also usability implications which need to be addressed.

[Desour]

Much of what you wrote is true.
First join on servers is in minetest meh. So, mostly everything something in short:

• Name has to have more than a certain amount of letters sometimes. (This is very uncomfortably because this forces you to choose different names on different servers, you always have to type the other name and whoops, there it happened, a second account is born.)
• Minetest needs a better guest system, delete guest player after first play.
• Not mentioned but also a problem: At first join, you are only once asked for the password to set.
• And more, I'm too lazy to write texts like Wuzzy does.

[Wuzzy]

DS-minetest, you summarized very well what is wrong about the current password system. Thanks.

At first join, you are only once asked for the password to set.

Yes. This causes people to constantly burn account names because of a typo on the “first login” (= silent sneaky registration without warning) and litters servers with useless accounts.

It is pretty much standard practice everywhere to make the user enter the password twice on registration.
Minetest is the odd one. :-(

[TenPlus1]

Sorry but I feel that server passwords are a handy feature as it stops other people taking over your account and pretending to be you so they can grief/swear etc. Also if you build something awesome as a guest and try to protect it you would really want a password to stop anyone else claiming your builds and adding a password later.

[Lejo]

But on some Minigameservers is a password not important there you don't have any buildings.
It's right that a password is important, but not on all servers.

[firefox]

you could also use the same name and password for all servers :P
it would be the same as having 1 universal login for all servers, so you only need to remember it once.

[Wuzzy]

Sorry but I feel that server passwords are a handy feature as it stops other people taking over your account and pretending to be you so they can grief/swear etc. Also if you build something awesome as a guest and try to protect it you would really want a password to stop anyone else claiming your builds and adding a password later.

Yes, I am completely aware of the security concerns, and they are mostly valid. But your imposter argument has a flaw: Anyone could pretend to be anyone, it's just a question who grabs the account name first. Who says that users have to use the same user name everywhere? But apart from that, it's valid.

But you ignored the particular use case I presented, as well as my proposal for a real guest system.
Guest mode is for quick exploration of many different servers. Guests would not have “real” user names, so they can't use their name for faking an identity. As a guest, you also don't care about your buildings if you did not plan to stay for long anyway.
But of course, a guest must know that he/she is a guest and the progress in the game is only temporary.
Failing to telling that the player would be very stupid.
Serious players could still get a real account afterwards. Just stop *forcing* them to use a password. It makes quick server exploration very tedious. Did you never just want to join random servers?

A different solution would be to make the account registration process less painful. Currently, you are required to maintain an user name + password combination for every single server. This is crazy, nobody can remember all this. And it's also easy to make mistakes and easy to break the rule of never re-using a password.


I kinda have found a workaround for forced passwords: Just create a throwaway account which I'll never use again. Basically like guest accounts. :P

you could also use the same name and password for all servers :P

This is not secure. But I know, it's so tempting!

[srifqi]

I like the idea of having guest account. This means that server storage can be saved (even just in very little amount) and server can increase performance because the guest is only viewing without interaction (idk about chat) and the server doesn't need to be care of player data.

Also, telling player that first time joining is actually registering is good too. Why we don't make login and register as separate distinguishable action rather than silently registering account?

But, having a password on each server seems good for me.

[BBmine]

I agree with firefox. I use this password on all the servers I go to:

Spoiler

**************************

I know it might not be as secure, but it's worse to forget the password and not be able to get on that server anymore.

[Hybrid Dog]

Minetest uses SRP for authentication:
https://github.com/minetest/minetest/issues/1943