Weak passwords on GameMaker Server
I'll be making some changes to GameMaker Server discourage the use of weak passwords.
As a quick reminder, a good password is:
- Not re-used for other sites
- Not commonly used by many people
- Long enough that it can't be brute-forced
- Not a reference to something personal, the game you're playing or the site you're using
- Never shared with someone else, not even with an admin or me (Size43)
Good passwords are hard to remember, which is why you should use a password manager like 1Password (https://1password.com/
), Dashlane (https://www.dashlane.com/
) or LastPass (https://www.lastpass.com/
). Almost every password manager also has a way to automatically generate new passwords that are truely random.
Now back to GameMaker Server: starting Saturday, June 13th, the server will automatically be scanning accounts for commonly used passwords. Since GameMaker Server properly hashes and salts your passwords like any good site should, the only way to do this is scanning passwords one-by-one, account-for-account. It might take a while before all accounts have been scanned. If your account is using a weak password, you won't be able to login until you reset it. If your account does not have a valid mail linked to it, you will lose access to your account.
To prepare, you should make sure your password is not a common password. To do this, you can search (Control+F) this Wikipedia page:https://en.wikipedia.org/wiki/Wikipedia:10,000_most_common_passwords
-- If your password appears on that page it is an incredibly weak password and you should change it immediately.
If you cannot find your password on that page (or do find your password, but change it before June 13th), you will not have to reset your password.
You can change your password here:https://gamemakerserver.com/en/account/settings/
In the near future I'll also be improving the requirements on passwords, such that it will be harder to choose a weak password when creating a new account.
Last message on 5 Dec 2020