It's confusing because a lot of stuff happens in the background, stuff the player should be aware of but is never told.
It is insecure because it is very convenient to use the same password everywhere.
A couple of servers enforce a password, so you are technically forced to create an account on these. But it is a problem on servers which do not enforce this as well.
What the player is NOT told is the following:
- The first time the player logs in to a server with a password, an account with this name and password is automatically created.
- The next time the player wants to log in, this password must be provided.
This is very bad, because: If the player ever changes the password and does not remember the old one, the player has successfully locked himself/herself out of the server and does not even know why. The account name has been “burned”.
The player is only notified if the access has been denied because of false login data, but then it is already too late. For correct login data, the client is of course silent.
What should be done instead:
The first time the player connects to a server with a password, the server should give some sort of special response which triggers a dialog in the client.
This dialog should show the name and (censored?) password (should only say: “has been set”) and explicitly ask the player: “You provided a password and this server has no account for the name ‘<name>’ yet. Do you want to create an account with the name ‘<name>’ and your provided password on the server ‘<hostname>’? You will need this data the next time you want to log in. [Yes] [No]”.
If the player clicks “Yes”, the server is notified and gives another response on success. If this response arrives, the client gives a confirmation dialog: “An account with the name ‘<name>’ has been successfully created on the server ‘<hostname>’. Do you want to connect now? [Yes] [No]”.
There should also be a dialog if the account creation is unsuccessful or a timeout happens.
The second issue is that password handling is pretty insecure IMO. It is very easy to simply use the same password everywhere; if I recall correctly, the password field is not even cleared automatically.
So I suppose there are probably a lot of accounts on the servers lying around, all with passwords which are identical on every server.
Here is a simple way to collect many passwords without any hacking:
- Just start a server with enforced passwords
- Publicly announce this server as good as you can
- Wait for players to connect
- Run your server for some time
Bam! You now have a lot of default passwords which you can now abuse to log in on other servers and do all kinds of stuff. What this means for players: Never ever use the same password on every server. It just takes a single (!) malicious server operator to pwn all accounts.
I have currently no real idea how to fix the second problem, but I want to point out that there is a problem at least.
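
The confirmation flow proposed above for the first problem, sketched as server-side logic. This is an added example, not part of the original post or any project's code; the class, the reply names, the per-session pending table and the 60-second timeout are all assumptions made for illustration.

```python
import hashlib, hmac, os, time
from enum import Enum

class Reply(Enum):  # hypothetical reply codes sent back to the client
    OK = 1              # existing account, password matches
    DENIED = 2          # existing account, wrong password
    CONFIRM_CREATE = 3  # unknown name: client must show the creation dialog
    CREATED = 4         # player clicked "Yes" and the account now exists
    CANCELLED = 5       # player clicked "No": nothing is stored
    FAILED = 6          # nothing pending, timed out, or name taken meanwhile

class AuthServer:
    CONFIRM_TIMEOUT = 60.0  # seconds; constructed value

    def __init__(self):
        self.accounts = {}  # name -> (salt, password_hash)
        self.pending = {}   # session id -> (name, salt, password_hash, deadline)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def login(self, session, name, password, now=None):
        now = time.monotonic() if now is None else now
        if name in self.accounts:
            salt, stored = self.accounts[name]
            match = hmac.compare_digest(stored, self._hash(password, salt))
            return Reply.OK if match else Reply.DENIED
        # Unknown name: never create silently. Park the credentials for this
        # session only and tell the client to ask the player first.
        salt = os.urandom(16)
        self.pending[session] = (name, salt, self._hash(password, salt),
                                 now + self.CONFIRM_TIMEOUT)
        return Reply.CONFIRM_CREATE

    def confirm(self, session, accepted, now=None):
        now = time.monotonic() if now is None else now
        entry = self.pending.pop(session, None)
        if entry is None:
            return Reply.FAILED
        name, salt, pw_hash, deadline = entry
        if not accepted:
            return Reply.CANCELLED
        if now > deadline or name in self.accounts:
            return Reply.FAILED  # client shows the "unsuccessful / timeout" dialog
        self.accounts[name] = (salt, pw_hash)
        return Reply.CREATED
```

The account table is only written in `confirm`, so a player who never saw or accepted the dialog cannot “burn” a name by accident.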