Download

Storing player passwords locally

I have a login system setup. Want to add a feature that allows a checkbox to remember the user password so they don’t have to type it in every time.
How should I configure it so the player can save safely their passwords on their own computer with UE4?

“Safely” in this case is rather questionable, ignoring the obvious huge security hole that anyone with physical access to the computer can login at any moment i would just encrypt passwords as you normally do in any other login system.

If you just store the encrypted password, you can store it however you like, such as a plaintext file. And then just fill the password field with some number of symbols to make it look like a password is in the field.

Alternatively you can maybe generate a sort of temporary certification/passport (an sha-1 string is enough for this purpose) that is only valid for a day or a week maybe. You store this cert both in client and your login system. When the user comes up next day, the game will submit the cert and logs the player in automatically. If the cert is expired, your login system will reject it, so your game can ask the player to type the password in again, which results in a new cert. This way you don’t have to store the actual password. Use SSL with CURL (engine is capable of doing it), for submiting the cert and the initial password.

store and send only hash of password, never store password anywhere, most online services also store only hash of password for security reasons

Don’t store password. Create a session on the server side and store a session key the client can use to authenticate from now on.

Maybe I wasn’t clear enough;

I have a server setup with registration and login on an external website as well as a login in the UE4 game. Passwords are hashed and salted when registered. Used a Rest plugin to fully integrate with UE4, players can login and create sessions by sending JSON requests.

What I need is to be able to have a remember password button so the player doesn’t have to type in their password every time. Similar to how a Firefox or Chrome browser can remember passwords or like Star Citizen. How would a browser or game store the passwords on the users local pc?

It doesn’t “remember” the password. It just says that because users are more likely to understand the intent like that. Behind the scenes, it uses a session key.

How long does a session last?
If the user never unselects remember the session never expires?

And have a boolean that says if remember checked validate against session key instead of password?

How do I store the session key then? It has to be stored locally somehow.

Here’s my login page;