Advice on Passwords

Why you should not reuse passwords

2025-11-20, by DrFriendless

I have previously posted on the previous incarnation of this blog (the post may or may not get ported to this new incarnation) about how I was going to use a third-party authentication system on this site so that I couldn’t steal your passwords. Well, of course I could have anyway if I lied about what the code did, and now I take that back completely. I’m going to roll my own login system.

This is because:

So, my advice to you when you sign up to this site (or any other site) is: assume that the developer of the site knows your password. So, do not use the password you use for your bank, or your email, or even boardgamegeek.com - those should all be different, because you should assume that the developer at each of those sites knows the password you use there.

Furthermore there are laws in Australia that say if the government requires a developer’s help to hack into a system, the developer has to provide that help (and why, yes, I am furious about that). So, don’t use a password on this site that you wouldn’t want me and the Australian government to know.

On a happier note, I think I’ve solved the problem of authenticating BGG users. When you sign up I’ll generate a random code and tell it to you. Then you post that code to this thread on BGG: authentication thread. The Extended Stats gremlins will see that, and enable your account.
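The sign-up check described above, as an added sketch that is not the site's own code: each code is bound to the BGG username claimed at sign-up, so a code only counts when the thread post comes from that same username. The class and function names, the 24-hour expiry and the `(author, body)` post format are assumptions; fetching the thread from BGG is left out.

```python
import secrets
import time

CODE_TTL_SECONDS = 24 * 3600  # assumed validity window; the post gives none


class PendingVerifications:
    """Codes issued at sign-up, each bound to one claimed BGG username."""

    def __init__(self):
        self._pending = {}  # claimed username -> (code, issued_at)

    def issue(self, bgg_username, now=None):
        """Create an unguessable code for this username and remember it."""
        code = secrets.token_urlsafe(16)  # 128 bits from the OS CSPRNG
        self._pending[bgg_username] = (code, time.time() if now is None else now)
        return code

    def check_post(self, author, body, now=None):
        """True (and the code is consumed) if this post proves ownership."""
        entry = self._pending.get(author)
        if entry is None:
            return False  # poster has no open sign-up, or code already used
        code, issued = entry
        now = time.time() if now is None else now
        if now - issued > CODE_TTL_SECONDS:
            del self._pending[author]  # expired: a fresh code is required
            return False
        if code in body.split():  # whole-token match, not substring
            del self._pending[author]  # single use
            return True
        return False


def scan_thread(pending, posts, now=None):
    """posts: (author, body) pairs from the thread. Returns accounts to enable."""
    return [a for a, body in posts if pending.check_post(a, body, now)]


if __name__ == "__main__":
    pending = PendingVerifications()
    code = pending.issue("alice")
    # Constructed sample posts: someone else repeating alice's code gains nothing.
    posts = [("mallory", code), ("alice", "Here is my code: " + code)]
    print(scan_thread(pending, posts))  # ['alice']
```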
