#987 Access Tokens - Simplify!


Hi there,

I really like what you guys are doing and really love Mumble. However there is one issue in mumble as a server owner I get questions about it all the time. This is Access Tokens.

Right now each time I get new folks to join a password protected channel they have no idea how tokens work or how to get it work and it takes several minutes to explain etc and some have a minimal typo etc.

My suggestion is that when trying to join a password protected channel a popup would come up and asking for Token or Password and a checkbox to remember the password/token (Changing the name to Password would make users less confused about this though)

After entering the name the token would be saved if the checkbox was checked and the user would enter the channel. IF wrong password the user would get notified and asked for password again instead being supressed and not knowing why.

This change would help allot of new users to mumble and make it less confusing about adding and managing passwords to channels.
Best Regards


  • Jesepi

    Jesepi - 2012-04-10

    I think if they renamed access tokens to "Channel Passwords" it would go a long way, as well as a popup asking for a channel password.

  • fwaggle

    fwaggle - 2012-04-18

    There's a reason this probably seems like an obvious idea: it is. The problem is that doing it that way opens up several cans of worms, otherwise it'd have been done ages ago. :(

    First, they're not called channel passwords because they're not always going to grant you access to a channel. Treating them as such in the UI grossly weakens the concept of what they are.

    Second, lack of privileges to join a channel is easy to calculate - whether any given token will grant you access is maybe not so easy to calculate. Also, because passwords are "low-hanging fruit" security-wise, it makes very little sense to disclose to every user denied access that a backdoor exists if only they had the right token. It's bad enough we have at least one scenario where token groups can out and out be disclosed...

    I know it's hard dealing with users, many of whom will have an idea of what's easy and will turn their noses up at anything different. I have found however that there are next to zero people who can't grok tokens after following a forum post with two or three screenshots. I think that's probably why no one's muddied up the concept by tastingg them as simple passwords (they are not). Also, calling them passwords will not help users who typo.


Log in to post a comment.