Difference between revisions of "Security"

From Mudlet
Line 65: Line 65:
  
 
Mudlet automatically masks your password with asterisks when you connect to a game server that requests authentication. This protects your password from being visible on screen.
 
Mudlet automatically masks your password with asterisks when you connect to a game server that requests authentication. This protects your password from being visible on screen.
 +
 +
See Also: [[Manual:Supported_Protocols#ECHO (Password Masking) | ECHO Telnet Option]]
  
 
==== Disabling Password Masking ====
 
==== Disabling Password Masking ====
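Review bot: the added See Also line points at the ECHO Telnet option, but the unchanged sentence above it still says masking happens when the server "requests authentication"; say in that sentence which signal triggers masking, so readers can tell what to expect from a server that prompts for a password without it. The link also depends on the exact heading text "ECHO (Password Masking)" in Manual:Supported_Protocols, so a rename there would break the anchor; check that it resolves and consider a stable anchor.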

Revision as of 00:05, 22 February 2026

Password Management

Passwords are stored securely using your operating system's built-in credential manager.

Mudlet Version: Available in Mudlet 4.20+

How It Works

When you save a password in Mudlet (such as your game character password), it is automatically encrypted and stored in the most secure location available:

  • macOS: Stored in your macOS Keychain
  • Windows: Stored in Windows Credential Manager
  • Linux: Stored in your system's Secret Service (like GNOME Keyring or KWallet)
  • Portable Mode: Encrypted files in your Mudlet profile folder

Security Features

Your passwords are protected by:

  • System-level encryption - Your operating system handles the encryption using industry-standard methods
  • Per-profile isolation - Each Mudlet profile's passwords are kept separate
  • Automatic fallback - If the system keychain is unavailable, Mudlet uses AES-256 encrypted files
  • No plaintext storage - Passwords are never stored in readable form

What This Means for You

  • You don't need to do anything special - Mudlet handles password security automatically. Just enter your password when creating or editing a profile, and Mudlet takes care of the rest.
  • Your passwords are more secure - By using your operating system's credential manager, your passwords benefit from the same security that protects your system passwords and other sensitive data.
  • Portable installations still work - If you use Mudlet in portable mode (running from a USB drive, for example), passwords are stored as encrypted files that travel with your installation.
  • Multiple profiles are supported - Each profile's passwords are kept separate and secure, even if you have multiple characters on the same game.

Managing Your Passwords

Your passwords are automatically retrieved when you connect to a game. You can view or change them in the Connection Profiles dialog:

  1. Click the Connect button on the main toolbar (or press Alt+C)
  2. Select your profile from the list
  3. Click the Options tab
  4. Your password will be securely loaded from storage and can be edited here

You can also create new profiles with passwords directly from this dialog.

Technical Details

For users interested in the technical implementation:

  • Passwords in system keychains use the native encryption provided by your OS
  • File-based storage uses AES-256 encryption with PBKDF2-SHA256 key derivation
  • Each profile has a unique encryption key stored in its profile directory
  • HMAC authentication ensures password integrity
  • All password operations include timeout protection and error handling
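
The file-based scheme listed above, sketched with Node's built-in crypto module. This is an added example, not Mudlet's code or on-disk format: the CBC mode, iteration count, record layout and the function names are assumptions chosen for illustration.

```javascript
const { pbkdf2Sync, randomBytes, createCipheriv, createDecipheriv,
  createHmac, timingSafeEqual } = require('crypto');

const ITERATIONS = 100000; // assumed work factor, not a value from the page
const hmac = (key, data) => createHmac('sha256', key).update(data).digest();

// PBKDF2-SHA256 stretches the per-profile key material; two labelled HMACs
// split the result so encryption and authentication never share a key.
function deriveKeys(profileKey, salt) {
  const master = pbkdf2Sync(profileKey, salt, ITERATIONS, 32, 'sha256');
  return { encKey: hmac(master, 'enc'), macKey: hmac(master, 'mac') };
}

// Assumed record layout: salt(16) | iv(16) | ciphertext | tag(32)
function sealPassword(password, profileKey) {
  const salt = randomBytes(16);
  const iv = randomBytes(16);
  const { encKey, macKey } = deriveKeys(profileKey, salt);
  const cipher = createCipheriv('aes-256-cbc', encKey, iv);
  const ct = Buffer.concat([cipher.update(password, 'utf8'), cipher.final()]);
  const body = Buffer.concat([salt, iv, ct]);
  // Encrypt-then-MAC: the tag covers salt, IV and ciphertext.
  return Buffer.concat([body, hmac(macKey, body)]);
}

function openPassword(record, profileKey) {
  // Smallest valid record: salt + iv + one AES block + tag.
  if (record.length < 16 + 16 + 16 + 32) throw new Error('record too short');
  const body = record.subarray(0, record.length - 32);
  const tag = record.subarray(record.length - 32);
  const salt = body.subarray(0, 16);
  const iv = body.subarray(16, 32);
  const { encKey, macKey } = deriveKeys(profileKey, salt);
  // Check the tag in constant time before any decryption, so a modified
  // or truncated file is rejected without touching the cipher.
  if (!timingSafeEqual(tag, hmac(macKey, body))) {
    throw new Error('integrity check failed');
  }
  const decipher = createDecipheriv('aes-256-cbc', encKey, iv);
  const pt = Buffer.concat([decipher.update(body.subarray(32)), decipher.final()]);
  return pt.toString('utf8');
}
```

In this layout, anyone who can read both the key material and the record can decrypt it, so the folder holding them still needs filesystem-level protection.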

Privacy

Your passwords are stored locally on your computer and are never transmitted to Mudlet's servers or any third party. The only time a password is sent over the network is when you connect to your game server (using the connection method you've chosen).

Password Masking Feature

Mudlet automatically masks your password with asterisks when you connect to a game server that requests authentication. This protects your password from being visible on screen.

See Also: ECHO Telnet Option

Disabling Password Masking

For users in trusted environments who prefer to see what they're typing: during password entry, an eye-shaped icon on the right side of the command line lets you unmask the password, or you can permanently disable password masking:

  1. Open the Profile Preferences dialog (Settings menu)
  2. Go to the Special Options tab
  3. Check the Disable password masking checkbox

Using Older Mudlet Versions (Before 4.20)

Starting with Mudlet 4.20, your saved passwords are stored securely using encryption. If you later use an older version of Mudlet (like 4.19.1 or earlier), here's what to expect:

  • Your saved password may not appear – Older versions cannot read the new encrypted passwords, so the password field might be empty or show an outdated password.
  • Simply re-enter your password – Just type your password again and continue playing normally.
  • Your 4.20 passwords stay safe – Any password changes you make in an older version won't affect your encrypted passwords in 4.20+.
  • No data loss occurs – When you return to Mudlet 4.20 or later, your securely stored passwords will still be there.

This design ensures that using an older Mudlet version temporarily won't corrupt or interfere with your modern encrypted password storage.