Password Security

How about changing UI from saying Team Password to something else?
Team Access Code, Team Join Code, maybe Token instead of Code, or whatever Trevor.

@h2b2 Looks like this has happened: github.com/ornicar/lila/commit/0e0b93b79d42181f9b895153e9539d0bdfef188f

@h2b2 I guess you are correct. 👍

@h2b2 I think it should be the "Team Access Code" or the "Team Join Code".

"team entry codes" are now also not shown to mods anymore. But ofc Lichess can still see find them from the db if necessary (e.g. for moderation purposes since offensive codes could in theory be used to insult or bully people.

#25 The "team entry codes" are maybe not shown to mods. But moderators with the "manage team" permission (which, is part of the admin package) can still change team leaders. Thus they can add themselves (or anyone else) as team leaders. So really, db access is not needed, and probably never will be needed.

If we want some mods to be able to change team leaders. (We probably do)
And we also want team leaders to be able to see the code. (We probably do)
Thus, ultimately some mods will always be able to see the code, even if some extra steps are required to do so.

Late to the party, but it seems to me that the already done renaming away from password is the best that can be done, to suggest that the code is indeed not really a password.

(And ofc, the same/similar thing for the code protected arena/swiss events)

[Do correct me if I got something wrong]

@CityWanderer looks like they made the change before my comment. oh well.

I was about to question #9 and ask for the source for his information

Then I realize it was Thibault answering