Save password for multiplayer games

[pagep]

Hi everyone

We have our server password protected. We are connecting to the server multiple times per day and always have to enter the password - would be nice if the password could be saved (as in the browser)

Thanks

[ssilk]

I know, not helpful, but - really - saving a password non-encrypted is nearly the same as placing a reserve key under the doormat.

If you save a password, it's not longer a password, cause if you save it, it's ... saved. And not longer a secret. So you need to encrypt it somehow. Which brings us back: Cause for save encryption you need a secret. A password or so.
Instead of saving password we should use professional (and already existing) authorization mechanisms (using rsa- (or whatever) keys).

[Nidhoegger666]

I have a private factorio server for me and some friends. What bugs me a bit is that we all have to enter the password every time. I would suggest adding a "Save password" checkbox underneath the password field.

[CapriciousSage]

+1...

I'm getting really sick of typing in the darn password to my mate's server

[Koub]

From a security standpoint saving passwords is a bad practice (I'm talking about the apps that store passwords for ease of use, not the apps designed as password safes).

[ikarikeiji]

From a security standpoint saving passwords is a bad practice (I'm talking about the apps that store passwords for ease of use, not the apps designed as password safes).

Doesn't make this a bad suggestion, we're talking about a password that stops someone griefing a game server, not one that protects your money or sensitive information.

[Darinth]

From a security standpoint saving passwords is a bad practice (I'm talking about the apps that store passwords for ease of use, not the apps designed as password safes).

Doesn't make this a bad suggestion, we're talking about a password that stops someone griefing a game server, not one that protects your money or sensitive information.

That's actually why it's a bad idea. Most people use the same password for their money and sensitive information that they use for their games.

Does factorio servers support any other kinds of authentication to resolve these kinds of issues? As an example, the ability to authorize a particular client to the server so that client can connect to the server without password would effectively resolve the issue without exposing major security issues.

[Jap2.0]

From a security standpoint saving passwords is a bad practice (I'm talking about the apps that store passwords for ease of use, not the apps designed as password safes).

Doesn't make this a bad suggestion, we're talking about a password that stops someone griefing a game server, not one that protects your money or sensitive information.

That's actually why it's a bad idea. Most people use the same password for their money and sensitive information that they use for their games.

First: that's dumb. At least have two or three passwords, distributed among accounts based on how much you care about what they're protecting. Second: if this is something they implement, there might be some better way to do it than storing it in plain text in a config file like it currently is for setting up servers?

[Nidan]

[...]

First: that's dumb. At least have two or three passwords, distributed among accounts based on how much you care about what they're protecting.

Sensible advice, but laziness and/or ignorance usually wins.

Second: if this is something they implement, there might be some better way to do it than storing it in plain text in a config file like it currently is for setting up servers?

As long as logging into the server involves sending the password (or its hash) over the network, it must be possible to recover that password (or the hash) from whatever is stored on disk, which, as result, is essentially plain text as well. Note: I don't know how factorio handles server password checking.

I can suggest an alternative, but note that:
a) Implementing cryptography should be left to cryptography experts
b) I'm not an cryptography expert
c) Anyone stealing the file can log into the servers stored inside the file (you could encrypt the file, but at that point we're implementing a password manager)
With that said, here's an alternative that avoids storing plain passwords (and plain hashes) and also doesn't send credentials over the network.
1) When the user enters a server password, derive some key from it (at least a salted hash, with the salt provided by the server), store {server address, key} in the password file (*)
2) When logging into a server, use the key for a symmetric cipher (e.g. AES) (**), have both sides (client and server) ask each other to encrypt a random text with that cipher and check the result (keywords: zero knowledge, challenge-response). If both sides provide the correct result continue logging in, otherwise client shows "wrong password" dialog.
*) In the file the keys (or everything) could be xor'ed or encrypted with a constant (e.g. username used for checking for updates) as a (weak) protection against leaking a copy of the file
**) in the proposed scheme a cryptographic hash would suffice as decryption isn't needed

[Darinth]

From a security standpoint saving passwords is a bad practice (I'm talking about the apps that store passwords for ease of use, not the apps designed as password safes).

Doesn't make this a bad suggestion, we're talking about a password that stops someone griefing a game server, not one that protects your money or sensitive information.

That's actually why it's a bad idea. Most people use the same password for their money and sensitive information that they use for their games.

First: that's dumb. At least have two or three passwords, distributed among accounts based on how much you care about what they're protecting. Second: if this is something they implement, there might be some better way to do it than storing it in plain text in a config file like it currently is for setting up servers?

I mean... I agree... you're talking to the guy who maintains an encrypt document full of passwords to various accounts... but that doesn't change how people work as a whole and factorio still has to protect user's passwords. This, at a minimum, means no reversible encryption on any passwords stored on the system.

[...]

First: that's dumb. At least have two or three passwords, distributed among accounts based on how much you care about what they're protecting.

Sensible advice, but laziness and/or ignorance usually wins.

Second: if this is something they implement, there might be some better way to do it than storing it in plain text in a config file like it currently is for setting up servers?

As long as logging into the server involves sending the password (or its hash) over the network, it must be possible to recover that password (or the hash) from whatever is stored on disk, which, as result, is essentially plain text as well. Note: I don't know how factorio handles server password checking.

I can suggest an alternative, but note that:
a) Implementing cryptography should be left to cryptography experts
b) I'm not an cryptography expert
c) Anyone stealing the file can log into the servers stored inside the file (you could encrypt the file, but at that point we're implementing a password manager)
With that said, here's an alternative that avoids storing plain passwords (and plain hashes) and also doesn't send credentials over the network.
1) When the user enters a server password, derive some key from it (at least a salted hash, with the salt provided by the server), store {server address, key} in the password file (*)
2) When logging into a server, use the key for a symmetric cipher (e.g. AES) (**), have both sides (client and server) ask each other to encrypt a random text with that cipher and check the result (keywords: zero knowledge, challenge-response). If both sides provide the correct result continue logging in, otherwise client shows "wrong password" dialog.
*) In the file the keys (or everything) could be xor'ed or encrypted with a constant (e.g. username used for checking for updates) as a (weak) protection against leaking a copy of the file
**) in the proposed scheme a cryptographic hash would suffice as decryption isn't needed

I'm not a 'crytography expert' either, but the basics of securing passwords actually isn't all that difficult. The short answer is that there is no good method of securing a weak password on a system, but there are methods of securing strong passwords. Your method is pretty good honestly. Out of an abundance of security, I'd hash multiple pieces of data together with a salt (username, password, server-provided salt, etc... I don't know what data points factorio tracks for this. Really, once you're salting the hash with a few pieces of consistent data, you're doing about the most that can be done.) You've got the right idea by not transmitting the key and instead just encrypting a challenge-response. If you're going to be storing passwords on a system, you're doing about as much as you can to protect users at that point. But it's all a moot point, there's no reason to store passwords on the computer.

After authorization, the server sends back a randomly generated string that the client can use for future logins. The server stores that string with some additional information to know it's authorized. If we really want to get fancy, send the string back via symetric encryption using the server password. At that point, no user passwords are actually stored. Ever. The worst thing that could happen is someone hacks their way on to the server... nobody's ever going to get access to someone's sensitive information because Factorio stored someone's password for ease of use. That's the important part.

[Sad_Brother]

Probably it would be better to have "Remember me" option on the server.
So player after entering server with password would be allowed to enter without password.
I'm not expert in security so just think about it.

[Darinth]

Probably it would be better to have "Remember me" option on the server.
So player after entering server with password would be allowed to enter without password.
I'm not expert in security so just think about it.

My second method is the effective implementation of this, and is how many websites implement their 'remember me' schemes. Website gives a cookie to the browser and then the website remembers the cookie as method of keeping the browser remembered. Thus is why when you clear out cookies, the sites that were remembering you suddenly forget you.

[cpy]

Just make game remember passwords used to connect to different game servers ok?
How about some quality of life improvements? Slap a big unencrypted warning and show password while typing. Whatever just make it work?

[Optera]

I hope server passwords are not sent in clear text to the server.
Normally you'd hash the password and send that hash. Only the server should be able to decrypt the passwords.
There shouldn't be any problem storing that hash locally.

[riley234]

For those who utilize multiple servers using Clusterio and are having download speed issues with the server select mod, jumping between servers is made lengthy with the necessity of inputting a password each time. A "Save password" option would be a great benefit in this use case, as well as for those prone to forgetting passwords.

[Koub]

[Koub] Merged into older thread with same suggestion.