07 Jan, 2009, Kaeden wrote in the 1st comment:
Votes: 0
My apologies if this is the wrong place to post this.

Players on my MUD can own spaceships. I was considering making it possible for players to set a ship password that enables them to do things like unlock doors and containers on the ship and access computer terminals. This password could be shared with trusted friends/crew members of the spaceship. I was also thinking of making it so that players in game can steal these passwords through coded in-game hacking skills.

I could either make it so that the game randomly generates a password for the ship owner, or give them the choice to set their own. I know people can be lazy when choosing passwords, and I worry that if I allow them to choose their own password, they might use the same password that they use for their MUD character's login or worse. Suppose Player A has a spaceship and they set the spaceship's password to the same one that they use to login to the MUD. Player B comes along and uses in-game skills to 'hack' the spaceship's password. Player B then later tries to log onto Player A's account with the same password on a hunch that it might work. Also, a crew member who Player A trusted with the ship password could do the same thing.

On the other hand, passwords that are randomly generated can be difficult to remember.

What are everyone's thoughts on this?
07 Jan, 2009, Zeno wrote in the 2nd comment:
Votes: 0
Restrict the password to something like numbers only. That way the chance of having the same pass as their char is unlikely.
07 Jan, 2009, Omega wrote in the 3rd comment:
Votes: 0
My recommendation: If you are using sha for your passwords, compare the encrypted password with the players-password. So players can set whatever password they want, but if it matches their player password, it won't let them use it.

And if they change their password, have it check against their ships password so they cannot use that either.

Outside of that, the players can use whatever they want for a password.

Another idea would be to limit the length of the password to like, 4 letters, where-as the standard password system on muds requires 5. So they can never use their password as the ships password.

Simple little things like that can be done.

Another thing is to let them use their own password, and if they get their player stolen, then they learn a very valuable lesson about password security. :)
07 Jan, 2009, Chris Bailey wrote in the 4th comment:
Votes: 0
I think auto-generated passwords are the best approach to this problem. As long as they aren't overly long and complex, they won't be difficult to remember. A simple 4 or 5 digit number should be pretty easy to hang on too. If a player forgets their password, they could always hire one of the aforementioned "hackers" as a locksmith.
07 Jan, 2009, Kline wrote in the 5th comment:
Votes: 0
I think auto-generated would be best. You could also further integrate this by letting players own PDA-style items, that while in their inventory, would grant "automatic" access to password protected things (if the password was stored on it). They could then use these items to share the password with one another, and it even opens the chance for them to be stolen (in addition to just having the ship itself hacked).
07 Jan, 2009, Sandi wrote in the 6th comment:
Votes: 0
I like Darien's idea.
07 Jan, 2009, elanthis wrote in the 7th comment:
Votes: 0
The BEST approach IMO is to not ever show any kind of password at all. There are plenty of alternatives to hacking that don't involve "steal the actual password." Look at Fallout 3 for a rather clever example.

The problem with random passwords is that users then end up needing to jot down notes out of game, which (in my opinion) is just a pain in the butt. Take Kline's PDA type idea and pretty much just run with that. Think of it the same a keyring in conventional "fantasy medieval" MUDs. Make a minigame out of hacking and computer work, sure, but don't take it to the point of minutiae and tedium. Please. :)
07 Jan, 2009, Kaeden wrote in the 8th comment:
Votes: 0
Thanks for all of the input.
07 Jan, 2009, quixadhal wrote in the 9th comment:
Votes: 0
It's also a question of the goal of securing your spaceships. If you want them secured in a way that ONLY people who have been given access can gain access, don't use passwords at all. Use an ACL list. Just store a list of characters who have permission to enter the ship, and think of it as a retina scan at the door or something.

OTOH, if you want ships to be hackable, then I'd go with the 4 digit password (all numbers or all letters), and thus give people a chance to guess.
07 Jan, 2009, Chris Bailey wrote in the 10th comment:
Votes: 0
Quixadhal retina scan idea sure does sound like a great security upgrade for a ship! :P
07 Jan, 2009, Igabod wrote in the 11th comment:
Votes: 0
Chris gave me the idea of a security system upgrade feature for ships. You could purchase a security system for the ship, the cheapest being the simple 4 digit password that must be remembered, the higher end security system would include quix's retinal scan idea and have anti-theft devices installed etc. To hack a ship with a low-end security system all you would need is a lower level hacker. To hack the high-end systems you would need a master hacker. Just an idea to think about.
07 Jan, 2009, Caius wrote in the 12th comment:
Votes: 0
I've used a solution much like quixadhal's idea. Basically I have a ship computer. The owner of the ship can then add extra pilots there. For each pilot the owner can grant certain privileges, which are implemented as flags. These are Owner (access to everything, including selling the ship), Captain (can add pilots), Piloting (can launch the ship and otherwise operate it), Maintenance (can do repairs and upgrades), and Computer (can access the computer to view pilots [but not edit], and can store hyperspace destinations). These flags can then be combined to give various kinds of permissions.
07 Jan, 2009, quixadhal wrote in the 13th comment:
Votes: 0
That's a good set Caius! I'd suggest one more additional flag… Combat. If you grant someone Piloting but not Combat, they can use the ship to run courier missions, but not initiate combat themselves (they can, of course, fight back if attacked). Just a thought… I don't know if that'd be useful for your game, but it makes the MMO trader in me happy. :)
07 Jan, 2009, Caius wrote in the 14th comment:
Votes: 0
quixadhal said:
That's a good set Caius! I'd suggest one more additional flag… Combat. If you grant someone Piloting but not Combat, they can use the ship to run courier missions, but not initiate combat themselves (they can, of course, fight back if attacked). Just a thought… I don't know if that'd be useful for your game, but it makes the MMO trader in me happy. :)

Hmm. Yeah. I haven't considered that. You could also turn it the other way around. Give Combat but not Piloting. Like on a capital ship. Someone may be a gunman, but don't have access to pilot the ship.
07 Jan, 2009, Kaeden wrote in the 15th comment:
Votes: 0
Hmm…all good ideas. The idea of allowing a player to set permissions for specific people to use specific functions of the ship is growing on me. Hackers in the game, could, of course, still fudge the permissions to include them as well. Thanks everyone!
0.0/15