Why we decided to use Gravatar

If you have found a bug, or have a suggestion/comment then leave it here

Post » Sun Jul 24, 2011 4:27 pm

Why i need a username to login there? If the Mail adresses are linked, i dont see a reason to provide another username for an avatar.

At the end, i guess this system is a true security risk for mail, usernames and password.xeed2011-07-24 16:29:40
B
15
S
3
G
5
Posts: 396
Reputation: 4,977

Post » Sun Jul 24, 2011 6:27 pm

Yes everyone now knows that the hash for your email is fd97776e49637bd4c1504eafc006b690.
Image Image
B
161
S
48
G
90
Posts: 7,347
Reputation: 66,749

Post » Sun Jul 24, 2011 6:42 pm

Xeed I don't think it's a considerable risk at all. Only the hash is transmitted, as newt pointed out, theoretically a hash can be cracked but it would take a very very long time for an attacker to do so, and for what purpose?
Image Image
Scirra Founder
B
124
S
37
G
25
Posts: 3,945
Reputation: 44,897

Post » Sun Jul 24, 2011 9:43 pm

Most users use the same password there and on forums etc, and i dont know how these are stored there. If some scriptkiddies may hack the gravatar server, they got mail, user and pw for many users at many sites.

However, my username is already taken, and since scirra.com is the only site i've seen who uses this system before i will not use it, cause it makes no sense for me to register on a new site to use the avatar here. xeed2011-07-24 21:44:42
B
15
S
3
G
5
Posts: 396
Reputation: 4,977

Post » Sun Jul 24, 2011 9:50 pm

That's ok, having an avatar isn't mandatory so if you don't want one that is fine!

Yes you can argue that if someone hacks gravatar they will have your email and password, but why not use unique passwords on every website?
Image Image
Scirra Founder
B
124
S
37
G
25
Posts: 3,945
Reputation: 44,897

Post » Sun Jul 24, 2011 10:04 pm

Who really has different passwords for private reasons

You'd ever have to carry a list with you, to login anywhere else but home.

I want an avatar, but dont want to register on another site for that xeed2011-07-24 22:06:01
B
15
S
3
G
5
Posts: 396
Reputation: 4,977

Post » Sun Jul 24, 2011 10:19 pm

[QUOTE=xeed]If some scriptkiddies may hack the gravatar server, they got mail, user and pw for many users at many sites.[/QUOTE]
That's true of any site, not just Gravatar, if you use the same username/password/email combo. Personally I use KeePass to store randomly generated passwords for each website I use, all locked by a single long password which I simply remember and don't have written down anywhere.Ashley2011-07-24 22:20:52
Scirra Founder
B
359
S
214
G
72
Posts: 22,949
Reputation: 178,544

Post » Wed Aug 10, 2011 11:41 pm

why not implement to use gravatar as an option?
B
15
S
3
G
5
Posts: 396
Reputation: 4,977

Post » Thu Aug 11, 2011 12:35 am

It is an option :)
Image Image
Scirra Founder
B
124
S
37
G
25
Posts: 3,945
Reputation: 44,897

Post » Thu Aug 11, 2011 7:36 am

I'm not a fan of Gravatar either, but using the premise of it being a security risk is silly. It is no more a security risk than creating an account anywhere else.

Personally I would prefer to use the old avatar system, by linking to an image in DropBox... but signing up for Gravatar wasn't THAT big of a deal.

~Sol
Tired of crappy file hosts that are crappy? Get DROPBOX - https://db.tt/uwjysXJF
Moderator
B
45
S
17
G
37
Posts: 2,853
Reputation: 25,966

PreviousNext

Return to Website Issues and Feedback

Who is online

Users browsing this forum: Yahoo [Bot] and 0 guests