How to save a second password in PlayFab?

Question

question

Ozan Yilmaz asked Nov 12, '20

How to save a second password in PlayFab?

Hello,

In our games, there is a feature where the players can share some of their inventory items with the other players. The process is executed on the server-side. We're thinking of implementing a second password to increase the security. Even though someone's account is hacked, they will not be able to send any items to any other accounts. The question is how should I save the second password?

Currently, the passwords are saved as plain texts in the players' internal data. No players can reach that data but it still doesn't look right. Also, is there any MD5 feature or something in PlayFab, so we can use it to save the passwords as data?

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Answer 1 · 2020-11-12T19:53:19Z

brendan answered Nov 12, '20

Our advice would be to never, ever save passwords in plaintext. Passwords should only ever be stored salted (using a unique salt) and (one-way) hashed, so that it is not possible to get to the actual password text. There is no built-in MD5, so you would want to write this into your script or server code.

If you must have a password system, our recommendation would be to securely salt and hash the password before storage. In your server-side logic, you would then check against the stored password by salting and hashing what the player sends.

But if all you want to do is be able to have players gift items to other players, we do have a set of Trading API calls you can use: https://docs.microsoft.com/en-us/gaming/playfab/features/social/trading/

10 |1200

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

question

How to save a second password in PlayFab?

1 Answer

Write an Answer

Navigation

Spaces

question details