Security and how to protect yourself
If you have come here you are a cool curious fellow :). Here I wish to reassure you that I have done my research to make the site as secure as it can be.
- The site uses a username and password authentication system, with your session and authentication being handled by Passport.js (written by really smart people, I would not dare try to implement authentication by myself).
- Your password is stored as a hash (a heavily scrambled, one-way version of it). It will take current hardware an extremely long time to crack it unless you have a ridiculously simple password such as "12345". Therefore, in the unlikely case that the database is breached, if you have a secure password (like "123*jfVu@" (not my password)) then there is almost no chance that it can be recovered by anyone. I recommend watching this video if you are interested in how your password could be cracked (don't worry, you don't have to know computers to understand the video :)) Link
That said, I cannot protect you from yourself. It is lightly mentioned in the video I linked above, but I will provide some tips on protecting yourself.
- Don't use a weak password. This is the most obvious, but often overlooked way to protect yourself.
- Be careful when opening weird links or emails. If it asks you to log in, check the website name first and make sure there are no typos (e.g. facebook.com vs faceb00k.com). Only log in if you are positive that the page you are viewing is a legitimate site. Also double check it has "https" in the website link/url (any reputable site will definitely use https) and not "http" (unless it usually doesn't have https).
- No one should ever ask you for your password. No one should ever be able to retrieve your password. No one should ever see your raw password. At most, they should see your really complicated hash. Admins should only be able to reset your password, not recover it.
- If you are on an open Wi-Fi network (one with no password) be careful. Everything your computer sends to the web and back is VIEWABLE in RAW text when intercepted between your laptop and the router/modem (and anywhere down along the track even if you aren't using Wi-Fi... unless it's encrypted). The only exception is if it is pre-encrypted on your computer before it is sent to the web and back. You know a website is using this "pre-encryption" if the website link/URL has "https" in it; if it is "http" it is not using "pre-encryption". I will aim to get my site to https as soon as I can (when I buy a domain name and release the server live I will be able to). (Update: done.)
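For the curious, here is the password storage described above (only a hash is kept, and admins can reset a password but never retrieve it). This is an added example, not this site's actual code. It assumes Node's built-in scrypt function; the cost settings, the record format and the function names are made up for illustration.

```javascript
// Added example (not this site's code): salted password hashing with Node's crypto module.
const crypto = require('crypto');

// scrypt cost settings and output length; illustrative assumptions, not the site's values.
const SCRYPT_OPTS = { N: 16384, r: 8, p: 1 };
const KEY_LEN = 32;

// Build the record a database would store: algorithm, random salt and hash. Never the password.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, KEY_LEN, SCRYPT_OPTS);
  return `scrypt$${salt.toString('hex')}$${hash.toString('hex')}`;
}

// Check a login attempt: re-hash with the stored salt, then compare in constant time.
function verifyPassword(password, record) {
  const parts = record.split('$');
  if (parts.length !== 3 || parts[0] !== 'scrypt') return false; // malformed record
  const salt = Buffer.from(parts[1], 'hex');
  const expected = Buffer.from(parts[2], 'hex');
  if (salt.length === 0 || expected.length !== KEY_LEN) return false;
  const actual = crypto.scryptSync(password, salt, KEY_LEN, SCRYPT_OPTS);
  return crypto.timingSafeEqual(actual, expected);
}

// An admin "reset" writes a brand new record; the old one is never turned back into a password.
function resetPassword(newPassword) {
  return hashPassword(newPassword);
}

// Constructed demo using the sample passwords from the text above.
function demo() {
  const password = '123*jfVu@';
  const recordA = hashPassword(password);
  const recordB = hashPassword(password);
  return {
    containsPassword: recordA.includes(password), // the raw password is not in the record
    sameRecord: recordA === recordB,              // random salts make every record different
    correctLogin: verifyPassword(password, recordA),
    wrongLogin: verifyPassword('12345', recordA),
    malformed: verifyPassword(password, 'not-a-record'),
    oldPasswordAfterReset: verifyPassword(password, resetPassword('constructed-New-pass-1')),
  };
}

console.log(demo());
```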
Thank you for reading up to here. Now go play a game!