Password Reset; Required to wait untill server restart?

[Boursk]

When you change your password do you actually have to wait untill the server restarts for the client to recognize that you have set your new password or something?

Was looking forward to playing today after by **** internet being down for over a week but now I face this problem... :/

[Gobtar]

I need my Swedish berry, I can't play Tier 2 without em.

Also I found Iriak. It's only a matter of time now till Gobstar smashs once again.

[Boursk]

I need my Swedish berry, I can't play Tier 2 without em.

Also I found Iriak. It's only a matter of time now till Gobstar smashs once again.

Heya lol, Yeah I saw your message on steam.

I swear though if this is some bs beyond it just requiring a server restart I'm not gonna be happy :/

[Zhuangzi]

Me also have same problem .. It's two/three days i have changed password and i cant log in ...
I hope play again soon!!!
Hi all, Zhuangzi

[Boursk]

No admin got input on this matter?

[Gobtar]

On behalf of Magical Rainbow Ponies

Spoiler:

[merkin]

I hope they get something figured out. I'm about to throw in the towel and just say **** it I give up.

[Genisaurus]

Just wanted to jump in with an explanation, since I know you're all waiting. Unfortunately, I can't promise any easy solutions, only things you can try. You're experiencing one of the most common Quality of Life issues plaguing our server, and we are working on fixing it. I wish I could offer you a faster resolution, but we're honestly trying to determine exactly where the issue is, while we replace the whole broken system.

In the meantime, short answer, try changing your password again to something all lowercase. No numbers, no "special characters," just the 26 characters in the English latin alphabet. Then try logging into the game twice. It may work on the second try, it may work after the first try and a server reset.

Spoiler:

Why all the confusion and voodoo just to change a password?

Well, it works like this. Your passwords are hashed when they're stored into the database, which is pretty standard practice for security. It means that if anyone ever got unauthorized access to the account database, the passwords they stole would just look like a jumble of random characters. The problem is, it's just as unreadable to us. Now, you might trust a bunch of strange volunteers on the internet with your password, but you shouldn't, and we don't want to risk your information.

So when you change your password on the website, that password is saved in a file that is checked by the server's Account Manager every time you log in. If it sees a new password there, it loads it, hashes it, saves it into the DB, and erases it from the file so it's not exposed where it could be stolen.

The problem is, we can't translate whatever password is stored on the DB (and you wouldn't want us to), which means that we can't tell the difference between a new password that is not hashed correctly, and an old password that never got replaced. There could be a gap with passwords never making it to the server, or there could be a problem with how the algorithm handles certain characters or languages. In the last couple of months, we've been gathering evidence that our hashing algorithm doesn't work right in some circumstances. Testing is difficult, because every time someone runs into an issue, we can't ask them, "So, what's your password, and what did you try changing it to?"

When will it be fixed?

As soon as we're able to. Like I said, we're already in the process of changing the way we store and manage passwords to something that is both more secure, and more reliable. Unfortunately, there are only a few people on the staff that have the knowledge, background, and trust to perform security-related tasks like that. Those same skills mean their personal lives are very demanding. The changeover will be happening in the near future, but as a last-ditch effort, we recommend that if users must replace their passwords, they try replacing them with something as simple as possible to avoid upsetting the hashing algorithm.

Are you saying strong passwords don't work? I have to use a weak password?

No, just that those passwords have a greater chance of working based on what we have noticed. I, and many other users I'm sure, use passwords with numbers, special characters, and a mix of capital and lowercase letters. You may get a password reset to work with a particular combination of strong password practices, but the chance of success is lower.

[Boursk]

Just wanted to jump in with an explanation, since I know you're all waiting. Unfortunately, I can't promise any easy solutions, only things you can try. You're experiencing one of the most common Quality of Life issues plaguing our server, and we are working on fixing it. I wish I could offer you a faster resolution, but we're honestly trying to determine exactly where the issue is, while we replace the whole broken system.

In the meantime, short answer, try changing your password again to something all lowercase. No numbers, no "special characters," just the 26 characters in the English latin alphabet. Then try logging into the game twice. It may work on the second try, it may work after the first try and a server reset.

Spoiler:

Why all the confusion and voodoo just to change a password?

Well, it works like this. Your passwords are hashed when they're stored into the database, which is pretty standard practice for security. It means that if anyone ever got unauthorized access to the account database, the passwords they stole would just look like a jumble of random characters. The problem is, it's just as unreadable to us. Now, you might trust a bunch of strange volunteers on the internet with your password, but you shouldn't, and we don't want to risk your information.

So when you change your password on the website, that password is saved in a file that is checked by the server's Account Manager every time you log in. If it sees a new password there, it loads it, hashes it, saves it into the DB, and erases it from the file so it's not exposed where it could be stolen.

The problem is, we can't translate whatever password is stored on the DB (and you wouldn't want us to), which means that we can't tell the difference between a new password that is not hashed correctly, and an old password that never got replaced. There could be a gap with passwords never making it to the server, or there could be a problem with how the algorithm handles certain characters or languages. In the last couple of months, we've been gathering evidence that our hashing algorithm doesn't work right in some circumstances. Testing is difficult, because every time someone runs into an issue, we can't ask them, "So, what's your password, and what did you try changing it to?"

When will it be fixed?

As soon as we're able to. Like I said, we're already in the process of changing the way we store and manage passwords to something that is both more secure, and more reliable. Unfortunately, there are only a few people on the staff that have the knowledge, background, and trust to perform security-related tasks like that. Those same skills mean their personal lives are very demanding. The changeover will be happening in the near future, but as a last-ditch effort, we recommend that if users must replace their passwords, they try replacing them with something as simple as possible to avoid upsetting the hashing algorithm.

Are you saying strong passwords don't work? I have to use a weak password?

No, just that those passwords have a greater chance of working based on what we have noticed. I, and many other users I'm sure, use passwords with numbers, special characters, and a mix of capital and lowercase letters. You may get a password reset to work with a particular combination of strong password practices, but the chance of success is lower.

Thank you, I'll try that.

Appreciate the answer though, so that at least I know now what the dealio is

[YesNo]

Thanks for the update!

I'm very very grateful for eveything you fix or bring back!

Having the same problem...