In a holiday promotional act for AW 5.0, AWI has just renewed all citizens across the board and sent out a mass email to the userbase, free to use AW until January 2nd. Got an old, expired friend? Be sure to let them know!
In a holiday promotional act for AW 5.0, AWI has just renewed all citizens across the board and sent out a mass email to the userbase, free to use AW until January 2nd. Got an old, expired friend? Be sure to let them know!
Always a nice time of year this.. just caught up with a friend from 2000/2001 – Magma
Just caught up with the guy who got me started on avatar and modeling and was my aw-mentor since about 2001
All of my old buddies are back too ^_^
Ugh not more nougats I hope
Just talked to Magma, aka. Pappino. Told him a little about SWI.
Also got to talk to Chloe. She LOVES my GZ. <3
Brought back
me ^____^
Something about this has me a bit upset…
The e-mail they sent out has the user name and password information included in it. Is it really so easy for them to pull a user’s password? Furthermore, for any mail that bounced back and for anyone who replied to the e-mail to request removal from future promotions, wouldn’t that provide AWI with an e-mail containing the user name and password?
Perhaps Eep’s claims that AWI was accessing and stealing his account weren’t so uncalled for. Aren’t there any privacy laws from being able to access a user’s password?
Your worried that awi has access to our passwords? Why wouldn’t they, it’s their program. Read your user agreement, they can pretty much do anything they want with our accounts. They aren’t the government or some 3rd party, they aren’t really bound by anything. I’m sure they could read our telegrams, take our accounts, and delete random builds for fun “legally”. They’re pretty much only bound by a general concept of customer service.
So, how does this work? Apparently, you can’t just sign on with your account info. Who do I contact? By the way, my email info has changed, so I would never have received a notice of this promotion. I just downloaded AW by chance and found out by checking out SW site.
AW might want to put something on their site to indicate this promotion, or maybe it is just an community in house thing.
Did you get an email from AWI?
Read my post again, I updated that I no longer use the email address that I had an account with.
just email tom with your old info explaining that your email has changed and I’m sure he’ll fix it up.
Do you have an email address for Tom?
tom@activeworlds.com or support@activeworlds.com
And you should just be able to sign in…maybe you forgot your password or something?
While what you say about the company’s legal obligations is true, it is equally true that most organizations hash users’ passwords using MD5, SHA-1 or another one-way hashing algorithm before storing them in a relational database or flat file. Authentication is then facilitated by hash comparison. Since these hashes are in theory irreversible, employees are unable to ascertain an individual user’s password even if they possess administrative access to the database. The employee may still gain access to user accounts through other means (such as resetting the password), but hashing is a simple and practical way of protecting passwords and is a de facto industry standard.
-Shred
But you’re assuming that someone at AWI manually copied and pasted the passwords from a database to the e-mails, which would be absurd considering these e-mails went out to thousands of people. We have no indication that such hashing algorithms weren’t used and I see no problem in a batch program retrieving passwords (and then un-hashing them, I guess) and e-mailing them out to people. Afterall, that’s what many “Forget password” e-mails do.
Actually, no, I am making no such assumption. One way hashes are one-way; i.e., it is infeasible to generate the data on which the hash function was applied using the value of the function alone. If we pass a user’s password through a hash function with no known vulnerabilities, we cannot feasibly use the generated hash to retrieve the original password by “unhashing.” This applies to any agent, whether the agent is human or not. Any company than can e-mail to you your password is most likely storing the password in clear text somewhere.
-Shred
This is most likely what’s going on — IIRC Mark did all of the work for the renewal emailing system, and he’s mentioned using that sort of system to me before.
Thanks for the email addresses.
Just so you know, no I didn’t forget my password. When I try to sign on with a wrong password it says it is wrong. When I try to sign on with my actual password, it says it is disabled.
Maybe Activeworlds sends a random password to sign on again for the “dormant” users. They could then change the password. This seems like the sensible way to do it.
You should try again, it took a little while for mine to properly activate.
That name rings a bell… loudly. I remember you from way back.. like 2002 era type deal. What projects were you involved in?