New User Authentication System Implemented

Today I have implemented a new user authentication on the live version of eSportsPress.com. If everything went well you should not experience any differences. The only thing that you might experience is being logged automatically if you used the old cookie based persistent login system.

The reason to implement a new system was due to the numerous news reports lately on user passwords being stolen from MySQL databases. Most of these stolen archives were cracked due to weak encryption. Mostly passwords were either stored in plain text or as MD5 hashes. The first method is absolutely ridiculous (however used more often than you would think) and the second is outdated. Back in 2008 when the first version of eSportsPress was written I also decided to store passwords as md5 hashes. Now, in 2012, I have upgraded this to a double salted sha512 encryption. This should make your password a lot more protected.

The cookie based login system has also been upgraded. This uses a unique token authenticated versus a double salted sha512 hash. Secondly, users authenticated via a cookie still have to provide their password when performing sensitive tasks (ie. changing your password). This should secure your account more rigorously.

So, enough technical chitchat. I hope everything went smoothly and you, as a user, do not experience any problems. However if problems with your account do occur please contact me or post a comment below.

Thanks!

Comments

Add Comment