Important security issue on Newgrounds.com

Posted by xxSHIFTxx - August 6th, 2012


Hey all,

I just wanted to let you know that the passwords on newgrounds.com are not encrypted / hashed and are simply stored in plain text in the database. This is a major security issue, any web developer that attended security 101 will tell you that.

This means that if you used your newgrounds password on other sites, anyone with admin access to newgrounds could log into those accounts. Let's say some guy you don't like does an internship over there and wants to get your password? He'll most likely be able to get it. Same thing for any hacker that manages to get into Newgrounds' servers - no server is safe from a clever exploit. Once the person has your email+password combo, he could log into your bank account, email, amazon, paypal... anything using the same credentials really.

You can easily check this issue for yourself: simply use the "forgot password" feature and be amazed when you receive an email with your password in plain text.

To the NG staff: please fix this issue as soon as possible
To the users: change your password to one you will only use on newgrounds

Thanks


Comments

Sage advice - I'm often guilty myself, but NOT on newgrounds, and I'm getting a lot better at shifting the really-needs-to-be-locked-down ones down. Eyes open, y'all!

Different passwords on every account is the way to go.

yep

For some reason, I believe it is more complicated than you are thinking it to be.

No. No it's not.
Anyone at newgrounds has your password and that's it

sounds like someone wants to get raped again

Oh, sure, because the best thing to do would be to outright make such an issue public so anyone who is willing and able to exploit it would be fully aware of it, rather than sending a private e-mail to the staff regarding your concerns. GREAT JOB! You sir deserve a cookie.

It's security 101. Anyone that ever did some web development knows the issue.
From experience I know that people hosting the site don't do anything because they underestimate the issue. I'd rather warn the users. Anyone with the ability to hack the ng site will already know what I said here.

Also, I don't see any way to contact the NG engineering department

JoSilver is right. You should probably delete this post or at the very least edit the information out of there.

A quick google search tells you all you need to know about this issue. I'm not revealing any exploit, just pointing out a huge flaw

I know what you say is true about the hacks and stuff, but who would really want to hack Newgrounds and be an admin? Also, how would the hacker know that you use this password on other sites? They don't, and I am pretty sure hackers have better things to do than to hack a game website.

It's easy, the hacker would just try the credentials against a huge list of websites and see which ones work.

Hackers will find the easiest hackable sites to get credentials and then use these credentials on very hard to crack websites.
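The attack described in the two replies above, reusing credentials leaked from an easy site against harder ones, is what is now called credential stuffing. Seen from the target site's login logs it has a distinctive shape: one source tries one password against many different accounts, rather than many passwords against one account. The following is an added example (not code from the post, the commenters, or Newgrounds) of that detection logic run over a constructed auth log; the log format, the IP addresses, usernames and the five-user threshold are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample auth log, not taken from any real system.
# Assumed format per line: ISO timestamp, source IP, username, OK|FAIL.
SAMPLE_LOG = """\
2012-08-06T10:00:01 203.0.113.7 alice FAIL
2012-08-06T10:00:02 203.0.113.7 bob FAIL
2012-08-06T10:00:02 203.0.113.7 carol OK
2012-08-06T10:00:03 203.0.113.7 dave FAIL
2012-08-06T10:00:04 203.0.113.7 erin FAIL
2012-08-06T10:00:05 203.0.113.7 frank FAIL
2012-08-06T10:00:06 203.0.113.7 grace OK
2012-08-06T10:01:30 198.51.100.9 alice FAIL
2012-08-06T10:01:40 198.51.100.9 alice FAIL
2012-08-06T10:01:50 198.51.100.9 alice OK
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (OK|FAIL)$")

Event = Tuple[datetime, str, str, str]  # (timestamp, ip, user, result)


def parse_log(text: str) -> List[Event]:
    """Parse the assumed log format; lines that do not match are skipped."""
    events: List[Event] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, ip, user, result = m.groups()
        events.append((datetime.fromisoformat(ts), ip, user, result))
    return events


def detect_stuffing(events: List[Event],
                    window: timedelta = timedelta(minutes=5),
                    min_distinct_users: int = 5) -> Dict[str, dict]:
    """Flag a source IP that touches at least min_distinct_users different
    accounts inside one sliding window. Many users per IP is the stuffing
    signature; many attempts against one user is ordinary brute force and
    is deliberately NOT flagged here (a separate rule would cover that)."""
    by_ip: Dict[str, List[Tuple[datetime, str, str]]] = defaultdict(list)
    for ts, ip, user, result in sorted(events):
        by_ip[ip].append((ts, user, result))

    alerts: Dict[str, dict] = {}
    for ip, evs in by_ip.items():
        for i, (start, _, _) in enumerate(evs):
            in_window = [e for e in evs[i:] if e[0] - start <= window]
            users = {u for _, u, _ in in_window}
            if len(users) >= min_distinct_users:
                # The successes are the accounts whose reused password worked;
                # those are the ones to force a reset on.
                hits = sorted(u for _, u, r in in_window if r == "OK")
                alerts[ip] = {"distinct_users": len(users), "successes": hits}
                break
    return alerts


if __name__ == "__main__":
    for ip, info in detect_stuffing(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: {info['distinct_users']} accounts tried, "
              f"compromised: {', '.join(info['successes']) or 'none'}")
```

On the sample log only 203.0.113.7 is flagged (seven accounts in a few seconds, two of them successful); 198.51.100.9 hammering a single account is a different pattern and is left to a per-account lockout rule.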

So you took the time to write up a "How To" manual for would-be hackers? You might want to seriously reconsider your options here.

Like I said, it's security 101. Any web developer knows that.

What can we do?

Oh my god, the comments to this are bloody stupid. Guys: He's literally just telling you all to change your password because the encryption here isn't secure (in that there isn't any).

Even if you think he's wrong for some reason: Using a different password on Newgrounds than you do for your Paypal account is a smart and helpful thing to do anyway. I asked a guy to help me with just having a username and password server for a game last year, and password encryption was A HUGE FUCKING DEAL. He literally showed me how to go to a web page and view a giant list of every user's name and password.
Encryption scrambles all that data so that once you find it you can't read it, and big responsible sites like Amazon and Ebay have really thorough gates that obliterate your password soon as you press Enter.

If Newgrounds isn't doing that, then that means the keys to every other site you use are sitting on a web page somewhere that some 4channer idiot can pick up. Is your phone number on Facebook? Is your address on Ebay? Is your debit card on Paypal? No shit, it's 2012.
So just change yr fuckin password, Firefox'll remember it for you anyway.

Some people don't begin to understand the gravity of this problem, so they attempt to tell you that you're wrong. That's the internet for you.

The fix for this problem (at least making it less of a gaping security flaw) is to use basic encryption. I believe Newgrounds was built with PHP, and PHP has a built-in function called md5() (among others), which will return a HASHED password for storage in a database. When the user logs in again, the password he types in is hashed and compared against the hash stored in the database. If the password is correct, the hash codes should match.

Everyone: He knows this is happening because the "forgot your password" system should not be able to give you your password. The database should have a HASH of your password; its only use is to verify future password inputs, and it cannot easily be read. To edit your password, the hash is simply replaced.
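The scheme the comment above describes, store a hash, compare hashes at login, replace the hash on reset, and the post's own point that a "forgot password" feature which can mail you your password proves the site still has it, are shown together in the following added example. It is not code from Newgrounds, the post, or the commenter. One thing is swapped in: instead of md5(), which is a fast unsalted digest, the example uses scrypt from Python's standard hashlib with a random per-user salt, and compares digests with a constant-time function. The in-memory USERS and RESET_TOKENS dictionaries stand in for database tables and are assumptions of the example.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple

# Assumed stand-ins for database tables (example only).
USERS: Dict[str, Dict[str, bytes]] = {}          # username -> {"salt", "digest"}
RESET_TOKENS: Dict[str, Tuple[str, float]] = {}  # sha256(token) -> (username, expiry)

# scrypt cost parameters; kept modest so the example runs quickly. A real
# deployment would raise n (and measure the resulting login latency).
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
TOKEN_TTL_SECONDS = 15 * 60


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt per user means two users with
    the same password get different digests, so precomputed tables are useless."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return salt, digest


def register(username: str, password: str) -> None:
    salt, digest = hash_password(password)
    # Only salt and digest are stored; the plaintext never touches the table.
    USERS[username] = {"salt": salt, "digest": digest}


def verify_login(username: str, password: str) -> bool:
    record = USERS.get(username)
    if record is None:
        # Hash anyway so an unknown username takes as long as a wrong password.
        hash_password(password, salt=b"\x00" * 16)
        return False
    _, candidate = hash_password(password, salt=record["salt"])
    # compare_digest avoids leaking how many bytes matched via timing.
    return hmac.compare_digest(candidate, record["digest"])


def request_password_reset(username: str, now: Optional[float] = None) -> Optional[str]:
    """'Forgot password' cannot mail the password back because the site never
    had it. It issues a random, short-lived, single-use token instead, and
    stores only the token's hash so a database leak does not leak live tokens.
    A real site would answer identically for unknown users to avoid revealing
    which accounts exist; this example returns None for brevity."""
    if username not in USERS:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    token_hash = hashlib.sha256(token.encode("utf-8")).hexdigest()
    RESET_TOKENS[token_hash] = (username, now + TOKEN_TTL_SECONDS)
    return token  # this is what goes into the e-mailed link, not the password


def reset_password(token: str, new_password: str, now: Optional[float] = None) -> bool:
    now = time.time() if now is None else now
    token_hash = hashlib.sha256(token.encode("utf-8")).hexdigest()
    entry = RESET_TOKENS.pop(token_hash, None)  # pop: a token is usable once
    if entry is None:
        return False
    username, expiry = entry
    if now > expiry:
        return False
    # "To edit your password, the hash is simply replaced."
    salt, digest = hash_password(new_password)
    USERS[username] = {"salt": salt, "digest": digest}
    return True


if __name__ == "__main__":
    register("alice", "correct horse battery staple")
    print("login ok:", verify_login("alice", "correct horse battery staple"))
    print("login bad:", verify_login("alice", "hunter2"))
    tok = request_password_reset("alice")
    print("reset ok:", reset_password(tok, "new password"))
    print("token reuse:", reset_password(tok, "again"))
```

Note what the stored record looks like after register(): a salt and a 32-byte digest, nothing that can be mailed to the user. That is exactly why a reset mail containing the old password is, on its own, proof that the password is stored in a recoverable form.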

I never use the same password for anything, but it's good to know regardless.
Well done sir!

Yeah, this is not news. Using the same password for every site you register on is, and always has been, a stupid idea.

I've been expecting one of the staff to come in and say "Don't be crazy, Newgrounds is a huge site that's been around for years, of course it's all secure" - BUT this post has been up for a whole day now... so uh-oh