User login system for mobile.

Menno · 2017-08-10T05:30:24

I want to reverse engineer what most mobile multiplayer games do with there login system and with that I mean the user is able to start to play immediately with a guest account and can later fill in a name and link with Google, Facebook or email/password. I think I need the following steps the moment the user presses "play immediately". Create a unique user name, something like guestXXXX and a password. Store Username and password locally. Encrypt password locally. Store the username and password in the database. Encrypt password with a unique salt. Now when the player boots up the game again he will skip the login step since there are local credentials. The only problem I see here is when the user does not register an email, his own password or links with a social media account he will lose his account once he loses his local credentials, most likely with an uninstall. But I think it's very good to have the user play first before he commits with yet another username and password or link with Facebook. I can always throw in a warning when an account is not linked every now and then and give a small bonus when the user links it. Am I forgetting something here? Are there other proven methods so the player can get engaged immediately?

Networking and Multiplayer Programming

Started by menyo July 20, 2017 08:16 AM

11 comments, last by hplus0603 7 years, 3 months ago

Miraz

August 09, 2017 08:03 PM

I'm using SRP authentication on my project.

hplus0603

11,938

August 10, 2017 05:30 AM

What kind of attack do you think SRP protects against, that you need protection against?

Do you not trust the ISPs on the way between the client and the server, AND you don't trust the TLS certificate chain of trust?

Pretty much the only case where SRP would be better than password-over-TLS is where you believe there exists a man in the middle that has managed to insert a trusted root certificate into the clients' root store. Which is totally possible when we're talking about state actors, but ... it's unlikely the NSA is all that interested in your game :-)

I'm not saying it's a bad idea to use a well tested library and protocol. Just curious why you choose to worry about those kinds of attacks.

enum Bool { True, False, FileNotFound };

User login system for mobile.

This topic is closed to new replies.

Popular Topics

Recommended Tutorials

User login system for mobile.

This topic is closed to new replies.

Popular Topics

Recommended Tutorials

Reticulating splines