So I came back from a long break, installed the game and logged back into it. Eager to start gathering.
After a while something popped up in the back of my head: I remembered my full login information was stored in plain text back when I played, so I popped open regedit hoping to see an improvement there. Sadly I was disappointed. Account login information is still stored in plain text. Sure enough, there is a HWID (hardware identifier) now, which is useful, yes, but that is just evading the problem. Consider that most people use the same password for everything, hence there is a good chance that the password found in the registry will also work for the email found. And yes, blahblah 2 factor auth or other shit on the email provider, that's good and all, but do you (Albion devs) really want to rely on a 3rd party? It would make sense to anyone, even the people who have no clue about what programming is or how it works, that storing a user's login information in plain text is a bad idea.
Is the user's account safety not being valued? I wish to avoid using the word incompetence but cmon, plaintext, really?
I am quite uncomfortable with the fact that my login information is being stored simply in plain text.
For those who wish to see for themselves:
1. window + r
2. regedit
3. press enter : O
4. open up HKEY_CURRENT_USER
5. open up SOFTWARE
6. open up Sandbox Interactive GmbH
7. open up Albion Online Client
8. scroll down and double click either login.accountname_blahblab or login.password_blahblah
As a user you might ask: "How is this important? Why is that a bad thing?"
Well the thing is, any program is able to read that information. If then a malicious program gets onto your computer and just casually reads your precious information and sends it off to god knows where then well, you are fucked, malicious person x now has your email address and password.
Sidenote: virus scanners are far from perfect and malicious programmers keep innovating on a day to day basis. It's a game of cat and mouse, and I'd rather not have my account safety depend on a cat and mouse game.
Sidenote 2: it doesn't always have to be some shady software that does some malicious things, or that new porn site you visited; more often than not it is good programs in disguise. One example that comes to mind: let's say that some lovely user x on here made a program that could help you track crafting materials required and resources owned (sorry if someone actually made that, I had no intention of targeting you specifically). Great and all, but behind the scenes it could just grab your information and you'd have no idea it even happened.
Being a little irritated, I decided to make a test application that would read your precious information and send it off to a server somewhere. I made it in C# (a programming language used by Albion itself, so I found it rather fitting to do it that way). As I think it would not be appreciated if I posted the source code here, I will not do that. However, it did work flawlessly, took me around 5 min and 3 sips of coffee, and here is the VirusTotal scan I did on it:
virustotal.com/en/file/64e1caa…0fde/analysis/1478395832/
If it would be allowed to let the source be posted, please let me know and I'll happily add it in, although anyone who can write a little bit of C# and google "C# reading registry keys" can remake the exact program I made.
Anyways, I might sound a little rant-ish, but I felt like it did not belong in the rants section. If ya disagree just move it lel
sadface
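One way a client can keep a remembered login out of plain text on Windows, added here as an example that is not part of the original post or Albion Online's code: wrap the value with DPAPI (`ProtectedData`) before writing it under HKEY_CURRENT_USER. DPAPI's current-user scope blocks other Windows accounts and copied registry hives but not code running as the same user, so the value stored should be a revocable session token rather than the password itself. The key path, value name, entropy string and token below are assumptions made for the example.

```csharp
// Added example, not Albion Online code. Key and value names are hypothetical.
using System;
using System.Security.Cryptography;
using System.Text;
using Microsoft.Win32;
static class RememberedLogin
{
    const string SubKey = @"SOFTWARE\ExampleVendor\ExampleClient";
    const string ValueName = "login.token.protected";

    // Optional entropy binds the blob to this application. It ships in the
    // binary, so it is not a secret, only an extra hurdle.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("ExampleClient/login/v1");

    public static void Save(string sessionToken)
    {
        byte[] plain = Encoding.UTF8.GetBytes(sessionToken);
        try
        {
            byte[] blob = ProtectedData.Protect(plain, Entropy, DataProtectionScope.CurrentUser);
            using (RegistryKey key = Registry.CurrentUser.CreateSubKey(SubKey))
                key.SetValue(ValueName, blob, RegistryValueKind.Binary);
        }
        finally { Array.Clear(plain, 0, plain.Length); } // wipe the working copy
    }

    // Returns null when nothing is stored or the blob does not decrypt (other
    // user, copied hive, tampered value); the caller then asks for a fresh login.
    public static string Load()
    {
        using (RegistryKey key = Registry.CurrentUser.OpenSubKey(SubKey))
        {
            byte[] blob = key?.GetValue(ValueName) as byte[];
            if (blob == null) return null;
            try
            {
                byte[] plain = ProtectedData.Unprotect(blob, Entropy, DataProtectionScope.CurrentUser);
                return Encoding.UTF8.GetString(plain);
            }
            catch (CryptographicException) { return null; }
        }
    }

    static void Main()
    {
        Save("constructed-sample-token"); // constructed value, not a real credential
        Console.WriteLine(Load() == "constructed-sample-token");
    }
}
```

On .NET Framework this needs a reference to System.Security.dll; on modern .NET, the System.Security.Cryptography.ProtectedData package.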