Hi,

do you know OpenID?
It is a decentralised method for authentification (see wiki).

Would you like to introduce OpenID to Bright-Shadows (see openidselector for the UI and lightopenid for the server-part or janrain for a complete solution which is free, if it isn't used to often -> pricing)

I would really like to see OpenID in Bright-Shadows, as I don't want to use the same password for Challenge-Sites as for other services and I forget passwords which I don't use often.

Cheers,
Martin

A centralized login maybe means multi-pwnage?

I've proposed this now also in the wechall forum, so I guess we should discuss it there.

Sounds like the way a few companies were thinking of going, Blizzard being one that introduced Battle.NET accounts to keep numerous WoW/SC etc accounts. Good idea if you have multiples....but if someone else gets in, then you've lost everything! Blizzard (and others) got around this by getting people to purchase Authenticators which is tied to accounts (http://www.vasco.com/products/digipass/digipass_go_range/digipass_go6.aspx or similiar). Still not 100% secure but with the "random" digits going off an internal clock its quite impossible to get in.

@sniperkid: unless it's on a windows pc. the random number generators aren't exactly random. google it. basically it uses the time as the first "seed" and all subsequent numbers are derived from the last result (which is used for the next seed). quite interesteing stuff. granted you have to spoof the target pc into somehow giving you the next number, but if you get it then, well, you can overtake the original pc making it's account void. (note: just a thought) also, i've been so swamped with other projects i have not managed to get around to the recaptcha programming yet. did you manage in the end?

the site i was using to test it on seems to have died out (got DDoS'd) but i've been overwhelmed with work lately, hoping to have some free time in a few weeks