Different passwords on every account is the way to go.
I don't know how to draw... but still I try to make flash movies ! I'm such a crazy person...
Age 38, Male
Web Developer
New York
Joined on 5/21/03
yep
For some reason, I believe it is more complicated than you are thinking it to be.
No. No it's not.
Anyone at Newgrounds has your password and that's it.
sounds like someone wants to get raped again
Oh, sure, because the best thing to do would be to outright make such an issue public so anyone who is willing and able to exploit it would be fully aware of it, rather than sending a private e-mail to the staff regarding your concerns. GREAT JOB! You sir deserve a cookie.
It's security 101. Anyone that ever did some web development knows the issue.
From experience I know that people hosting the site don't do anything because they underestimate the issue. I'd rather warn the users. Anyone with the ability to hack the ng site will already know what I said here.
Also, I don't see any way to contact NG eng dep
JoSilver is right. You should probably delete this post or at the very least edit the information out of there.
A quick Google search tells you all you need to know about this issue. I'm not revealing any exploit, just pointing out a huge flaw.
I know what you say is true about the hacks and stuff, but who would really want to hack Newgrounds and be an admin. Also how would the hacker know that you use this password on other sites? They don't, and I am pretty sure hackers have better things to do than to hack a game website.
It's easy, the hacker would just try the credentials against a huge list of websites and see which ones work.
Hackers will find the easiest hackable sites to get credentials and then use these credentials on very hard to crack websites.
So you took the time to write up a "How To" manual for would-be hackers? You might want to seriously reconsider your options here.
Like I said, it's security 101. Any web developer knows that.
What can we do?
Oh my god, the comments to this are bloody stupid. Guys: He's literally just telling you all to change your password because the encryption here isn't secure (in that there isn't any).
Even if you think he's wrong for some reason: Using a different password on Newgrounds than you do for your Paypal account is a smart and helpful thing to do anyway. I asked a guy to help me with just having a username and password server for a game last year, and password encryption was A HUGE FUCKING DEAL. He literally showed me how to go to a web page and view a giant list of every user's name and password.
Encryption scrambles all that data so that once you find it you can't read it, and big responsible sites like Amazon and Ebay have really thorough gates that obliterate your password soon as you press Enter.
If Newgrounds isn't doing that, then that means the keys to every other site you use are sitting on a web page somewhere that some 4channer idiot can pick up. Is your phone number on Facebook? Is your address on Ebay? Is your debit card on Paypal? No shit, it's 2012.
So just change yr fuckin password, Firefox'll remember it for you anyway.
Some people don't begin to understand the gravity of this problem, so they attempt to tell you that you're wrong. That's the internet for you.
Fixing this problem (at least making it less of a gaping security flaw) is to use basic encryption. I believe Newgrounds was built with PHP, and PHP has a built-in function called md5() (among others), which will return a HASHED password for storage in a database. When the user logs in again, the password he types in is hashed, and compared against the hash stored in the database. If the password is correct, the hash codes should match.
Everyone: He knows this is happening because the "forgot your password" system should not be able to give you your password. The database should have a HASH of your password, its only use is to verify future password inputs, it cannot easily be read. To edit your password, the hash is simply replaced.
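The hash-and-compare login and the replace-the-hash reset described in the comment above, as an added example that is not part of the original thread and not Newgrounds' code. It uses PHP's password_hash() (salted and deliberately slow) rather than the md5() the comment names; the in-memory $users array, the function names and the sample accounts are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example: $users stands in for a database table (assumption).
$users = [];   // name => ['pw_hash' => string, 'reset_hash' => ?string, 'reset_expires' => int]

function register(array &$users, string $name, string $password): void {
    // password_hash() picks a random salt per call and stores it inside the result.
    $users[$name] = ['pw_hash' => password_hash($password, PASSWORD_DEFAULT),
                     'reset_hash' => null, 'reset_expires' => 0];
}

function login(array &$users, string $name, string $password): bool {
    if (!isset($users[$name])) return false;
    $stored = $users[$name]['pw_hash'];
    if (!password_verify($password, $stored)) return false;
    // Re-hash on successful login when PHP's default algorithm or cost has changed.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $users[$name]['pw_hash'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

function startReset(array &$users, string $name): ?string {
    if (!isset($users[$name])) return null;
    $token = bin2hex(random_bytes(32));                    // sent to the user in a link
    $users[$name]['reset_hash'] = hash('sha256', $token);  // only the token's hash is kept
    $users[$name]['reset_expires'] = time() + 900;         // valid for 15 minutes
    return $token;
}

function finishReset(array &$users, string $name, string $token, string $newPassword): bool {
    $u = $users[$name] ?? null;
    if ($u === null || $u['reset_hash'] === null || time() > $u['reset_expires']) return false;
    // hash_equals() compares in constant time.
    if (!hash_equals($u['reset_hash'], hash('sha256', $token))) return false;
    register($users, $name, $newPassword);   // replaces the hash and clears the token
    return true;
}

// Constructed sample accounts: two users who chose the same password.
register($users, 'alice', 'correct horse');
register($users, 'bob', 'correct horse');
// Unsalted md5() of the same password is identical for both users ...
var_dump(md5('correct horse') === md5('correct horse'));
// ... while the salted hashes differ, so one cracked entry does not reveal the other.
var_dump($users['alice']['pw_hash'] === $users['bob']['pw_hash']);
var_dump(login($users, 'alice', 'correct horse'));
$token = startReset($users, 'alice');        // the old password is never read or mailed
var_dump(finishReset($users, 'alice', $token, 'new passphrase'));
var_dump(login($users, 'alice', 'correct horse'));   // old password after the reset
```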
I never use the same password for anything, but it's good to know regardless.
Well done sir!
Yeah, this is not news. Using the same password for every site you register on is, and always has been, a stupid idea.
I've been expecting one of the staff to come in and say "Don't be crazy, Newgrounds is a huge site that's been around for years, of course it's all secure"- BUT this post has been up for a whole day now... so uh-oh
ffeineandsugar
Sage advice - I'm often guilty myself, but NOT on Newgrounds, and I'm getting a lot better at shifting the really-needs-to-be-locked-down ones down. Eyes open, y'all!