New login system, finally! November 29, 2007 4:26 PM   Subscribe

We've finally finished a several month long project today by reworking the back end of Metafilter to bring site security practices up to date. The new login system we were testing yesterday is now live for everyone. And you can even change your password now, after 8 years of everyone asking!

Here are the highlights:
* All logins via SSL here: https://login.metafilter.com/
* More secure cookies set on login
* New password change form
* Forgotten password reset (for folks with verified emails on file)

You're also now required to give your password when changing sensitive data, like altering your email address or closing your account. And both of those happen over SSL as well, so your password is never sent in the clear.

You can change your password by clicking the "change password" link at the top of your site preferences.

Behind the scenes, passwords are stored as unique hashes so your password is a secret between you and various hashing mechanisms. There are bound to be a few bugs with an major overhaul like this (yesterday's testing solved most of it), so please report any problems here or via email.

Overall, login/cookie stuff is now way, way more secure. If anyone were to ever (worst-case scenario) snoop your transmissions over the wire or steal your cookie details, they'd never be able to change your password or email (so they can't "steal" your account) or close your account. That wasn't the case previously.
posted by mathowie to Feature Requests at 4:26 PM (76 comments total) 3 users marked this as a favorite

My head asplode.
posted by dmd at 4:30 PM on November 29, 2007


Oh, and sorry, there's no plain theme on the login screen and the header/footer don't have all the navigation. It's kind of like logging into Yahoo from Flickr -- I have to maintain separate copies of the images, stylesheets, etc on the secure server and didn't want to have to keep the header/footer stuff in sync.
posted by mathowie (staff) at 4:30 PM on November 29, 2007


HA HA! I finally get to change my password to 4R15T0TL3_15_4_B46455!

oh crap... now... oh well.
posted by koeselitz at 4:33 PM on November 29, 2007


Hopefully this will stop all those assholes hijacking my account and posting mean, potty-mouthed comments.
posted by BeerFilter at 4:42 PM on November 29, 2007


they'd never be able to change your password or email

them's fightin' words.
posted by blue_beetle at 4:45 PM on November 29, 2007


4R15T0TL3_15_4_B46455

Bagass?
posted by jjg at 4:49 PM on November 29, 2007


Bilbo.
posted by cortex (staff) at 4:51 PM on November 29, 2007 [1 favorite]


Badass.

Both Aristotle and the update.
posted by Kattullus at 4:53 PM on November 29, 2007


Behind the scenes, passwords are stored as unique hashes so your password is a secret between you and various hashing mechanisms.

Not MD5, I trust.
posted by matthewr at 5:05 PM on November 29, 2007


4R15T0TL3_15_4_B46455

Oh, so that's what a hash looks like...
posted by Steven C. Den Beste at 5:06 PM on November 29, 2007


Thanks for spending time on important infrastructure stuff like this.
posted by chrismear at 5:13 PM on November 29, 2007


Cool. Thanks.
posted by dersins at 5:16 PM on November 29, 2007


Thanks, guys. This is one new feature that even I can't find anything to bitch about! Hooray!
posted by stavrosthewonderchicken at 5:16 PM on November 29, 2007


I finally changed my password. Now what do I do with the diaper?
posted by Eideteker at 5:25 PM on November 29, 2007


Really, Stav, they shouldn't have discussed it with you first?

(HOW LONG UNTIL WE CAN HAVE LAST.FM IN OUR PROFILES TELL ME NOW PLEASE!)
posted by klangklangston at 5:27 PM on November 29, 2007


Terrific. Thanks!
posted by LeeJay at 5:27 PM on November 29, 2007


˙uıʍ ǝɥʇ ɹoɟ spɹoʍssɐd ǝɹnɔǝs ˙ʇɥƃnoɥʇ ı uɐɥʇ ɹǝʇʇǝq uǝʌǝ s,ʇı 'sʞuɐɥʇ
posted by flatluigi at 5:30 PM on November 29, 2007


This is terrible news.
posted by 31d1 at 5:35 PM on November 29, 2007


Not MD5, I trust.

Nope, we followed pretty much this blog entry to a T (I think we're using SHA-2 with a bunch of extra salt stuff).
posted by mathowie (staff) at 5:37 PM on November 29, 2007 [2 favorites]


Really, Stav, they shouldn't have discussed it with you first?

I'll let this one slide, but don't let it happen again!
posted by stavrosthewonderchicken at 5:43 PM on November 29, 2007


Thanks, mathowie!
posted by Afroblanco at 5:47 PM on November 29, 2007


+++
posted by edgeways at 6:00 PM on November 29, 2007


Dangit, now all of my evil plans are useless.

For now.
posted by DMan at 6:02 PM on November 29, 2007


I miss the old MeFi where you didn't get to change your password.
posted by terrapin at 6:12 PM on November 29, 2007 [5 favorites]


Thank you, thank you, thank you. My long personal nightmare is finally over.

I've often told the story of when I first got into MetaFilter, and even alluded to it on my profile page, which I put up the first day I signed up. I had been lurking for months, and kept seeing little hints and allusions to a back door. I kept trying to find it, and one day in March 2002 I found myself at a signup page for an unrelated website - the 5K contest.

It looked just like signing up for MetaFilter, so I tried it. It asked me for a username, and as I have said many times, I entered the first thing that popped into my head - yhbc, which stands for "Your Humble and Beloved Commissioner", which I have used for seventeen years now as an in-joke in the fantasy football league I run.

What I have never said before around here is what happened next. The form next asked me for a password, so again I entered the first thing that popped into my head. Within days - no, hours - of completing the process, I started regretting my choice, and soon it became an overbearing torment.

Yes, for the past five years and eight months, my MetaFilter password was "commish". I died a little inside each and every time someone called me that.
posted by yhbc at 6:13 PM on November 29, 2007 [9 favorites]


We all knew, it just wasn't that exciting to be you.
posted by mr_crash_davis at 6:15 PM on November 29, 2007


I miss the old, insecure Metafilter.
posted by Dave Faris at 6:19 PM on November 29, 2007


Thanks. That $5 just keeps giving and giving.
posted by Sailormom at 6:23 PM on November 29, 2007


Days like this, I'm glad I quit huffing.
posted by Brandon Blatcher at 6:26 PM on November 29, 2007


Heh. I'm a little afraid to log out now. It's been such a long time, I'm not sure what my password actually is.
posted by stavrosthewonderchicken at 6:34 PM on November 29, 2007


We can help! Forget your password?
posted by pb (staff) at 6:37 PM on November 29, 2007


So does that mean you're going to change your password, yhbc?
posted by wendell at 6:41 PM on November 29, 2007


Thanks, pb. There isn't any negative consequence to just staying logged in, is there?
posted by stavrosthewonderchicken at 6:42 PM on November 29, 2007


This is awesome. Pretty soon you're going to have to change "X new links" to "We went ahead and saved the world X times while you were gone."
posted by anotherpanacea at 6:44 PM on November 29, 2007 [1 favorite]


I already did, wendell! It's -

W A I T a minute . . .
posted by yhbc at 6:47 PM on November 29, 2007 [1 favorite]


There isn't any negative consequence to just staying logged in, is there?

Nah, you should just seamlessly move to the new system. We have a bit more to do on our end before that happens, but you shouldn't have to do anything.
posted by pb (staff) at 6:48 PM on November 29, 2007


There isn't any negative consequence to just staying logged in, is there?

aside from being found under a mountain of pizza boxes and empty 2liter coke bottles in front of a glowing monitor, no
posted by pyramid termite at 6:53 PM on November 29, 2007 [2 favorites]


I logged out to see what it was like to login again manually and I found myself staring at the no favorite/MefiMail/other awesome function havin', Verizon ad laden version of the site, and I realized how good I have it for the low low price of five Amercican cash dollars.

So, thanks for that...!


(I can has profit sharing for my membership endorsement? Email in profile.)
posted by rollbiz at 6:59 PM on November 29, 2007


I can complain still:

What no EV cert? Lame. I demand pretty green address bars. Otherwise, how do I know this is really MetaFilter? I mean really MetaFilter?
posted by jeffamaphone at 7:15 PM on November 29, 2007


I got some cheapo EssentialSSL thing from Comodo. The EV cert was like a billion dollars a year. Should I add one of these cheesy logos?
posted by mathowie (staff) at 7:33 PM on November 29, 2007


You'd definitely have to raise the membership fee if you did that.

*creates sockpuppet with username "Bilbo Bagass"*
posted by trip and a half at 7:41 PM on November 29, 2007


Two words: slippery slope.
posted by Durin's Bane at 7:52 PM on November 29, 2007


There isn't any negative consequence to just staying logged in, is there?

Well, they might try to hire you.
posted by cortex (staff) at 8:15 PM on November 29, 2007 [1 favorite]


Don't you guys realize that this is a test of your loyalty? A true blue MeFite never logs out.

Don't fall for it.
posted by Quietgal at 8:35 PM on November 29, 2007 [1 favorite]


congrats pb!
posted by neustile at 9:24 PM on November 29, 2007


Hey, just a thought -- would it be possible or a Good Idea or too much load on the server (or can we already do it) to be able to have our whole MeFi sessions on all the subsites be https?
posted by stavrosthewonderchicken at 9:40 PM on November 29, 2007


When I read about improved site security I thought for a moment the image tag was coming back...
posted by LarryC at 9:55 PM on November 29, 2007


Thankya!
posted by cashman at 10:01 PM on November 29, 2007


Well, if you're going to do things right, how am I going to endear myself to you by finding security holes and reporting them instead of exploiting them?
posted by davejay at 10:18 PM on November 29, 2007


Why would you want your entire session on https, stavros?
posted by danb at 10:22 PM on November 29, 2007


stavros, going SSL everywhere is kind of overkill, plus performace-wise, the Flickr folks recently mentioned that testing showed a SSL connection could only serve 1% of the pages an identical server could do without SSL under similar loads.

We could rewrite the backend a bit more to have one monster script that lets users post comments to any part of the site, and throw that under SSL, so that'd mean any time you're exchanging sensitive cookie details, it'd be encrypted.
posted by mathowie (staff) at 10:23 PM on November 29, 2007


Yeah, I had heard that the server load was way bigger, but I wasn't sure. No big deal.

Why would you want your entire session on https, stavros?

Less likely that there might ever be grief from the excessive amount of time I spend here while I'm at work (with the approval of the boss, but still).
posted by stavrosthewonderchicken at 10:31 PM on November 29, 2007


your password is a secret between you and various hashing mechanisms... any time you're exchanging sensitive cookie details

you mean all the ones i made before were public!?!?

oh, hashING cookies. ...um, nevermind. carry on.
posted by spiderwire at 10:35 PM on November 29, 2007


Now there is nothing more we need for Christmas (except maybe some html thingies)
posted by Cranberry at 11:54 PM on November 29, 2007


Call me when we can change our user names.
posted by chococat at 11:56 PM on November 29, 2007


Call you what?
posted by stavrosthewonderchicken at 12:50 AM on November 30, 2007 [1 favorite]


Sweet.

I wish you could have worked the protection from harmful rays into this release, though. My hair is getting nasty under this tinfoil hat.
posted by ikkyu2 at 12:55 AM on November 30, 2007


* Forgotten password reset (for folks with verified emails on file)

You're also now required to give your password when changing sensitive data, like altering your email address


I think I see a problem here. I'll bet that there's at least one user who has forgotten their password and hasn't verified their email.
posted by philomathoholic at 4:02 AM on November 30, 2007


... or whose email address has gone south since the last time they thought about it.

But that's the kind of thing you go mad trying to design around.
posted by lodurr at 4:49 AM on November 30, 2007


Thanks, Matt & PB.
posted by theora55 at 6:39 AM on November 30, 2007


*makes corned beef hash, salts it heavily*
posted by koeselitz at 7:17 AM on November 30, 2007


And STILL the background on AskMe goes unwhitened.
posted by Kwine at 7:52 AM on November 30, 2007


Man. I know other people have said similar things, but this destroys the Small Town aspect of MeFi.

It's like going from the good old days where we are all neighbors, and no one locks their doors, and I come into your house at night, and fart on your cutlery... To a town where all the doors are locked, and I just sit on your porch for a few hours every night feelig sad.

Actually, this is great. I've had two characters in my password reversed from how I intended it, and when one of those rare times where I've been logged out comes, I never remeber the reversal. I've temporarily locked myself out of my account a couple times because of that. Now there is hope for me! Hooray!
posted by sparkletone at 7:59 AM on November 30, 2007


I'll bet that there's at least one user who has forgotten their password and hasn't verified their email.

That's when you contact an admin and we figure out if you're using the same email and can identify other parts of your account to make sure you're the same person, then we can update/verify emails by hand.
posted by mathowie (staff) at 8:00 AM on November 30, 2007


Call me when we can change our user names.

Given that your username is the strongest identifier of your identity in the community, I hope you can see why we're not going to add that kind of feature.
posted by mathowie (staff) at 8:01 AM on November 30, 2007


I think he was jokin', Matt.

I hope he was jokin'. chococat, were you jokin'?
posted by cortex (staff) at 8:06 AM on November 30, 2007


I love it that the newest, fanciest feature that everyone loves on this website involves being able to:
a) login
b) change your password

Welcome to 1995, the future is lookin' mighty fine!
posted by blue_beetle at 9:18 AM on November 30, 2007 [1 favorite]


Ah, 1995. It was shortly after that when we threw out twenty years of research on user interface design and replaced it with the idea that we could do anything that needed to be done in a software user interface with a primitive hypertext system. Heady times....
posted by lodurr at 10:06 AM on November 30, 2007 [1 favorite]


That's when you contact an admin and ...

Ya, that's what I figured, but I was just pointing out an interesting catch-22.
posted by philomathoholic at 12:58 PM on November 30, 2007


There isn't any negative consequence to just staying logged in, is there?

*checks profile*

You have over 13000 comments across this site. In other words:

No.
posted by quin at 12:59 PM on November 30, 2007


Yes, joking.
But a little bit not joking, 'cause I hate my username.

posted by chococat at 4:33 PM on November 30, 2007


i have a compromise proposal: how about an option to change our usernames to "the user formerly known as _____"?
posted by spiderwire at 4:53 PM on November 30, 2007


blue_beetle writes "I love it that the newest, fanciest feature that everyone loves on this website involves being able to:
"a) login
"b) change your password"


Matt knows the secret to godly tech support, under promise and over deliver. If you set expectations low enough right from the beginning everyone is super impressed when you wildly exceed those low expectations.
posted by Mitheral at 9:39 PM on November 30, 2007 [1 favorite]


Yes, joking.
But a little bit not joking, 'cause I hate my username.


Shouldn't have typoed chocolat, eh?
posted by ersatz at 7:26 AM on December 1, 2007


I'll bet that there's at least one user who has forgotten their password and hasn't verified their email.

That's when you contact an admin and we figure out if you're using the same email and can identify other parts of your account to make sure you're the same person, then we can update/verify emails by hand.
posted by mathowie


I say charge $5 for that service. Put that money aside and save it up until you have enough to buy us a few pounds of img tags.
posted by The Deej at 9:33 AM on December 1, 2007


I've always liked chococat as a username. Wanna trade?
posted by ikkyu2 at 12:20 AM on December 3, 2007


« Older 'Spergin   |   Internet Arguments for charity Newer »

You are not logged in, either login or create an account to post comments