I recommend removing both the requirement of Spoutcraft and the xAuth plugin.
Both are broken forms of fine pottery at the moment and do not work, as their creators are currently striving to get them to work, as intended.
First of all, just naming the Authentication plugin has made it open to exploiting. Second of all, requiring email address and passwords is illegitimate and misleading. The plugin cannot actually email you and reset your password. It is not immune to data sniffing, and does not include any known form of solid encryption that can't be bypassed by your typical quad core computer within a few hours.
It is not safe to use emails and passwords, it is much safer to create temporary logins as I previously suggested using players KNOWN forum accounts and NEW passwords for INGAME only. or IGP. In-Game-Password. Instead of "IGN".
Furthermore, you do not need spoutcraft for this capability and a lot of people are having a hard time adjusting to the backwards logic of spoutcraft, and adding functionality where it was not needed because, (to simplify this logic in 2 words) "Less Clicks". Spoutcraft has made it a chore to do things that were previously easy to do. Such as seperating / commands into the ctrl function instead of alt+up arrow. Such as M turning off chat instead of opening your map. Such as the fact most users won't click on a map, they're viewing it, they'll drag and drop it and by sheer accident if they let go of it and click to fast they might discover you can add waypoints. The client last GUI. There's a ton more..
I could go on to throw a completely thorough bitchfit about how terrible my citizens and friends think spoutcraft is. But for now, I will savor the flavor of their suffering you are now causing.
Both are broken forms of fine pottery at the moment and do not work, as their creators are currently striving to get them to work, as intended.
First of all, just naming the Authentication plugin has made it open to exploiting. Second of all, requiring email address and passwords is illegitimate and misleading. The plugin cannot actually email you and reset your password. It is not immune to data sniffing, and does not include any known form of solid encryption that can't be bypassed by your typical quad core computer within a few hours.
It is not safe to use emails and passwords, it is much safer to create temporary logins as I previously suggested using players KNOWN forum accounts and NEW passwords for INGAME only. or IGP. In-Game-Password. Instead of "IGN".
Furthermore, you do not need spoutcraft for this capability and a lot of people are having a hard time adjusting to the backwards logic of spoutcraft, and adding functionality where it was not needed because, (to simplify this logic in 2 words) "Less Clicks". Spoutcraft has made it a chore to do things that were previously easy to do. Such as seperating / commands into the ctrl function instead of alt+up arrow. Such as M turning off chat instead of opening your map. Such as the fact most users won't click on a map, they're viewing it, they'll drag and drop it and by sheer accident if they let go of it and click to fast they might discover you can add waypoints. The client last GUI. There's a ton more..
I could go on to throw a completely thorough bitchfit about how terrible my citizens and friends think spoutcraft is. But for now, I will savor the flavor of their suffering you are now causing.
