Password Security

Hashing is a common method of security for passwords... in essence, it's transforming a password into many characters (and nobody knows how to undo the transformation). Used on pretty much all sites with reasonable security, it should be used on Team passwords here as well. Currently, your private team's password is not hidden from the moderators... if they want to see it, they can look at it right now. This shouldn't be the case; a password is a password, and nobody should have access to the password other than you and others that you give it to. I've made an issue, github.com/ornicar/lila/issues/9467, and just want to let everyone else know, as this is a security issue that everyone should know about.
#2
Perhaps for most users that is the case, the majority would trust the mods, for good reasons, that they would not look at anybody's passwords. However this misses the whole point.
Simply because, hypothetically speaking, the mods have no good reason to check anybody's passwords and would never misuse their powers to look at the passwords (much like the infamous "if you have nothing to hide you should not be worried" phrase) does not mean they should have access to, for example, my account's password.
Inherently the same applies to team passwords.
Should the team leader be able to see the password? So they can share it with people they want to join the team?

This password is specifically for sharing with other people. Specifically, people you want to join your team. Since we also don't provide a way to securely share this password with other people, it's very likely that every team password has been sent via lichess DMs along with given to Twitter, WhatsApp, Slack, Discord, Gmail, Yahoo, etc. So the likelihood that this password is sent, stored and shared in plain text is extremely high. Which means our hashing of it will provide very little, if any, additional security in my opinion. Instead, it will simply prevent us from showing it to the team leaders. Which might, or might not, result in more confused team leaders. I dunno. But I do know that us hashing it is probably more of a facade of security rather than actual security.

Regardless of the above, which is just my own personal opinion, we'll consider it in the GitHub issue, so if anyone has any security-related points they'd like to make about it, please add them to the GitHub issue.
#5 Agreed. The only actually good reason I see against showing it is to prevent accidental leaks in streams or something. But hiding it means you always have to change it if you forget it, and other team leaders also won't even be able to find out when and to what it was changed, which could potentially lead to some back and forth changing.
#3 I think I read it properly... maybe it is ok to let mods know about passwords... the moderators probably could check team forum etiquette or something...
User passwords:
- must never be shared by the owner with other people
- are hashed in the database
- cannot be seen by anyone: not the mods, not the admins, not me, not the database admin. No-one. It's hashed.

Team passwords:
- must be shared by the owner, so people can join the team
- are stored in plain text in the database
- can be seen by team leaders (in case they forget it, which they do) and team administrators

They're very different things that just happened to share the same name. Team passwords are shared online to new team members, therefore hashing them would not increase security, and would cause confusion when a team leader forgets it.
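
The contrast between the two lists above, as an added Python sketch that is not part of the original post and is not lichess's code: a user password kept only as a salted scrypt digest can be verified but never read back, while a team password kept in plain text can be shown to a leader. All function names, record layouts and scrypt parameters here are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters chosen for this example (assumption, not lichess settings)
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)


def store_user_password(password: str) -> dict:
    """User password: keep only salt + scrypt digest; the plaintext is discarded."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return {"salt": salt, "digest": digest}


def check_user_password(record: dict, attempt: str) -> bool:
    """Re-derive the digest from the attempt and compare in constant time."""
    candidate = hashlib.scrypt(attempt.encode(), salt=record["salt"], **SCRYPT)
    return hmac.compare_digest(candidate, record["digest"])


def store_team_password(password: str) -> dict:
    """Team password: a shared join secret stored as-is so leaders can read it back."""
    return {"password": password}


def check_team_password(record: dict, attempt: str) -> bool:
    """Plain comparison of the join attempt against the stored secret."""
    return hmac.compare_digest(attempt.encode(), record["password"].encode())


def show_to_leader(record: dict):
    """Return the stored secret if it is recoverable from the record, else None."""
    return record.get("password")


if __name__ == "__main__":
    user = store_user_password("constructed-user-secret")   # constructed sample value
    team = store_team_password("constructed-team-secret")   # constructed sample value
    print("user login ok:", check_user_password(user, "constructed-user-secret"))
    print("user password recoverable:", show_to_leader(user))  # None: only a digest exists
    print("team password recoverable:", show_to_leader(team))  # leader can look it up
```

If team passwords were stored the way `store_user_password` does it, `show_to_leader` would return `None` for them too, which is the "forgot it, must reset it" trade-off raised earlier in the thread.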
The site owner will always have access to your password as you are saving your password to this website.

This topic has been archived and can no longer be replied to.