Whenever there's been a security breach, it tends to make me think about security and what more I can do to secure Atlas Quest against hackers. So I spent much of the afternoon yesterday reading up about the best practices for storing passwords (along with what not to do) and realized that while AQ did a lot of things right (storing passwords using a one-way encryption algorithm--definitely good!), it.... had room for improvement as well.
I had learned that even encrypted passwords could easily be broken if the password is an easy one to begin with. People using the password "password" or "12345" is remarkably common. There are lists of the most commonly used passwords all over the Internet, and if your password is on it, you need a new password. But in any case, although AQ would encrypt a password such as "12345", if a hacker had somehow gotten a list of everyone's encrypted passwords, it would be easy to figure out which people were using common passwords because there would be a lot of users with the same encrypted password. If 50 people on AQ have the same encrypted password, it's going to be an easy one to crack!
So I changed the code to "salt" passwords. Now if 50 people use the same password, it'll come out with 50 different results in the database. A hacker won't have any idea which accounts might be easy to crack (or not). But still, if you use a bad password, the chances of being hacked go up enormously! All the encryption in the world can't fix a bad password.
There's also a technical issue for me.... since AQ stores passwords using a one-way encryption, I can't actually update the database to re-encrypt everyone's password. AQ needs to know the original password to do that! So I added a clever piece of code that intercepts a password when you log in and then re-encrypts it into the database to the more secure format. (Along with anyone else using the same password. Every person who logs in--you're helping AQ crack everyone else's password! I can't decrypt passwords, but I can check if other people are using the same password as you. Which, ironically, is the very weakness in the system I'm trying to fix. I'm using AQ's own weakness to make it stronger!)
I also got rid of the password "hint" on AQ. Some of you actually put your actual password in that (and the hint is NOT encrypted!), but while it might remind you what your password is, it can also help hackers crack into your account. So AQ no longer stores password hints. (If you tried to change your password this morning and got an error message, that's because I missed uploading a changed file that was trying to store a password hint even though the database no longer held that data. Sorry about that, but it is fixed now!)
So, that's what's up with password security on AQ. =)