While Tony's been working to migrate our sites to SSL, I've been working to improve how we handle your accounts.
Usernames: Improved cross-site compatibility
- For new accounts, usernames are restricted to alphanumeric characters plus spaces, periods, and hyphens, and cannot have multiple spaces in a row. This change is to improve cross-site integration. For example, MediaWiki cannot distinguish between space and underscore in usernames. This reduced character set will ensure that account names are compatible across all of the Titan Network sites and projects.
- Existing accounts that have "invalid" usernames are grandfathered in and will continue to work as they have been. However, we can't promise that your account will work correctly across all sites and services. I'm working on a feature to permit you to change your username, but it isn't ready yet.
Passwords: Better security
- Passwords are now being hashed using PHP's password_hash, which uses the bcrypt hashing algorithm. The next time you log in on the main Titan page, at Paragon Wiki, at Ouroboros Portal, at City Info Terminal, or at Faces, your account's password hash will automatically be updated. (Logging in on the forums won't trigger the change, as the forums are a special snowflake that stores its own copy of the password hashes in a separate format.) This change should be transparent, but it will ultimately better protect your account's security if Titan is ever hacked. (We hope we won't get hacked, but we'd rather take as many reasonable precautions as possible.) This change is also future-friendly: if PHP ever upgrades to a more secure hashing algorithm, we'll be able to smoothly and transparently upgrade to take advantage of it.
- Passwords are still restricted to 6+ characters. We now also have a "ban" list of common passwords that we won't let you use (such as "password", "12345678", and "qwerty"). We aren't enforcing any more stringent requirements than that, but please do use a secure password that nobody is likely to guess or hack. The best hashes are useless if you put something in that someone else can guess or brute force.
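The upgrade-on-login behaviour described above, sketched as an added PHP example (not Titan Network's own code): a stored hash can only be replaced at login, because that is the one moment the plaintext is available. The legacy format (salted SHA-256), the function names and the record layout are assumptions; only password_hash and its companion functions come from PHP itself.

```php
<?php
declare(strict_types=1);

// ASSUMPTION: legacy hashes are hex SHA-256 of salt . password.
// The page does not describe the old format; substitute the real one.
function legacy_verify(string $password, string $salt, string $stored): bool
{
    return hash_equals($stored, hash('sha256', $salt . $password));
}

// Returns [bool $ok, ?string $newHash]; the caller stores $newHash if non-null.
// $user is a hypothetical record: ['hash' => string, 'salt' => ?string].
function login_and_upgrade(array $user, string $password): array
{
    // password_get_info() reports no algorithm for strings it did not produce.
    if (empty(password_get_info($user['hash'])['algo'])) {
        if (!legacy_verify($password, (string) $user['salt'], $user['hash'])) {
            return [false, null];
        }
        // Correct password under the old scheme: re-hash with the current default.
        return [true, password_hash($password, PASSWORD_DEFAULT)];
    }
    if (!password_verify($password, $user['hash'])) {
        return [false, null];
    }
    // If PHP's default algorithm or cost has changed since this hash was
    // made, produce a replacement while the plaintext is still in hand.
    $new = password_needs_rehash($user['hash'], PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $new];
}

// Constructed sample record (not real data) stored in the assumed legacy format.
$salt = 'constructed-salt';
$user = ['salt' => $salt, 'hash' => hash('sha256', $salt . 'correct horse')];

[$ok, $new] = login_and_upgrade($user, 'correct horse');
if ($ok && $new !== null) {
    $user = ['salt' => null, 'hash' => $new]; // stands in for a database UPDATE
}
echo 'first login ok: ', var_export($ok, true), PHP_EOL;
echo 'stored algorithm: ', password_get_info($user['hash'])['algoName'], PHP_EOL;

// Second login verifies against the upgraded hash; no further re-hash needed.
[$ok2, $new2] = login_and_upgrade($user, 'correct horse');
echo 'second login ok: ', var_export($ok2, true), PHP_EOL;
echo 'rehash needed: ', var_export($new2 !== null, true), PHP_EOL;
```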
Improved password resetting
- The security question and answer feature was removed from the password reset process. Too few people were using it and too many people who were using it had too easily guessable answers. The primary reason the feature was added was so that you didn't have to worry about someone else resetting your password, but that issue is now addressed by...
- Password reset requests now generate a temporary password. This temporary password is only valid for a single login and will expire after 24 hours (or at the next time you log in, whichever is sooner). It can also be safely ignored: your existing password will not be changed unless you log in and change it. So if someone else requests a password reset on your account, you can just ignore it and keep logging in normally.
Email update propagation
- When you change your email, it will now get updated across all of our sites. Previously, email changes only updated the Titan main site and CIT. Now they will also update the forums, the wikis, and Faces.
Miscellaneous
- Global handles are no longer required. They are also no longer required to be unique.
- If you have an older account that doesn't have a corresponding forum account, a forum account will now be created when you change your password.
Titan main website improvements
I've also made some changes to the main Titan website. Many changes are minor, but notably:
- The site is much more mobile friendly now. Not perfect, but hopefully a big improvement!
- The account management page now better depicts which Titan sites you are or are not linked to and provides better information about that linkage.
More changes will hopefully be coming soon, so stay tuned!
Questions or Concerns?
Feel free to chime in on the discussion thread.