Passwords & Security
For those who are interested, here's a rundown of the way we manage your administrator password. Much of the information is general rather than specific to Spanglefish 3.
Storing your Password
Here's the important thing about how we (and most modern internet systems) store your password. We don't!
If you don't know how it works that can seem crazy but it's true. That's the reason we don't have a password reminder system - after all, we can't possibly remind you of a password which we don't know or have any record of.
How does it work then?
OK, here's how most online systems manage this trick.
When you reset your password you type it into a form on one of our webpages. It gets sent to our server when you click the button but we don't store it in our database. Instead we use a 'one-way function' to turn it into a long jumbled string, something like:
We store this hash in our database.*
The thing about one-way functions is that you can turn a password into the jumble (which is called a hash) but you can't easily change it back. And when I say 'easily', I mean you could do it using all the computers in the world but it might take you millions of years. So it's pretty secure.
Now next time you log in you type your new password into the login form and it gets sent to our server. Again, our server uses the one-way function on it and gets the hash. Now it compares the new hash to the one in the database. If they are both the same, then great, both passwords must have been the same, so you get logged in.
*For the technical minded we use unique salts for each record when creating hashes, and use a modern hashing algorithm though we won't tell you which as that'd be silly.
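The store-and-compare steps described above, as an added example that is not Spanglefish's own code: the page does not name its algorithm, so PBKDF2-HMAC-SHA256 from Python's standard library stands in, and the function names, record format and iteration count are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor; the page does not state one
SCHEME = "pbkdf2_sha256"  # stand-in algorithm, not the one Spanglefish uses


def make_record(password: str) -> str:
    """Turn a new password into the string that gets stored in the database."""
    salt = secrets.token_bytes(16)  # unique random salt for every record
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    # The salt and work factor are stored beside the hash so the same
    # calculation can be repeated at login. The password itself is not kept.
    return f"{SCHEME}${ITERATIONS}${salt.hex()}${digest.hex()}"


def check_password(record: str, attempt: str) -> bool:
    """Re-run the one-way function on a login attempt and compare the hashes."""
    try:
        scheme, rounds_text, salt_hex, digest_hex = record.split("$")
        rounds = int(rounds_text)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: refuse the login rather than crash
    if scheme != SCHEME or rounds < 1:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode("utf-8"), salt, rounds
    )
    # Constant-time comparison, so the time taken does not reveal how many
    # leading bytes of the hash matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    first = make_record("correct horse battery staple")
    second = make_record("correct horse battery staple")
    print(first)
    print("same password, different records:", first != second)
    print("right password:", check_password(first, "correct horse battery staple"))
    print("wrong password:", check_password(first, "letmein"))
```

Because every record gets its own salt, two users who pick the same password end up with different stored hashes, so one cracked hash does not expose the other account.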
Nope, I still don't get it?
Think of it this way. You're walking along a beach and you see a footprint. Unless you're a Kalahari bushman you can't tell much from it - you don't know if it was made by a man or a woman, or what colour hair they have.
Ten minutes later you find another footprint. It's exactly identical to the first one. You still don't know anything about the person, but you can (with a high amount of certainty) say that it was the same person.
So that's what we do with your password: we compare the footprint we have stored with the latest footprint you've sent us and if they match we can say (with a high amount of certainty) that you are the person who set the password in the first place and log you in.
All the hard work we've done to secure the system can be completely negated by you, just by having an easy-to-guess password.
Hackers almost never sit in front of their computer trying to guess passwords though - they're much smarter than that. Instead they'll have a huge text file of possible passwords, probably arranged in the order they're most used, so 12345, qwerty and letmein will be near the top.
They'll give that list to a program they've written (or more likely downloaded from some hacker's website) and let the program try all the passwords out.
So if you use an easily-guessed password then all the back-end security we've put in place is wasted.
The advice: use a long and complicated password with various characters in it to make it hard for them. You can probably just let your browser remember it for you, so you don't need to remember it yourself.
Even better, use a password manager program to create a really complex one for you.
Here's the other big risk - using the same password in different places.
Some of us just use the same password for everything, but that's a really bad idea. Maybe you used it when signing up to some stupid forum back in 2002, the owner of the forum wasn't hashing passwords and some hackers broke in and downloaded their database.
Now they know that the password '*My_v3ry_s3cur3_l0ng_p4ssw0rd!' is associated with your email address and could test it on every account they can find that you have.
Again, using a password manager solves this problem because it'll assign a new password for every website you log into.
All sites on Spanglefish 3 have SSL certificates and run on HTTPS rather than HTTP. In common language your website is considered 'secure' by browsers and a padlock will show in the address bar to reflect this. It's good for customer confidence and (say Google) gives you a small boost in search engine listings.
In practice what this means is that when a visitor's browser communicates with our server the traffic between them gets encrypted and decrypted at each end.
Believe it or not, on HTTP anything sent between your browser and a web server is sent as plain text. So if you're in a cafe using their WiFi to enter your password into an insecure website, someone else using the same WiFi could be running a program which lets them see your password. That's not good!
But with SSL all they'll see is a jumbled mess.
Note that unlike the one-way function we use for passwords, SSL uses encryption which can be reversed at each end of the connection, because of course the systems need to understand what they're saying to each other.
So does that mean that you are 100% OK and can sleep soundly? Well, no web developer would ever have the hubris to say 100% - that's just setting yourself up to get loads of egg on your face. So let's think about the weaknesses.
Our servers are in a well-known cloud with loads of security. If a hacker was able to compromise it they still couldn't get your passwords from our database (because they're not stored there), but they could watch the traffic coming into the server and record your password at the point you're logging in.
Equally if someone has hacked your computer or phone they could see the password as you type it.
For both these reasons, it's extra important you use a unique password for your website admin. If a hacker did get it then they wouldn't have access to your bank account or email account, only your Spanglefish site, and if they did mess it around then we can probably reinstate it for you.