Disappointed, you send a PASSWORD in plain text...

Post new topic   This topic is locked: you cannot edit posts or make replies.

View previous topic View next topic Go down

Disappointed, you send a PASSWORD in plain text...

Post by drwiremore on 11th October 2009, 3:54 pm

I'm new to this forum, but not new to malware and virus removal. It is with great disappointment that I see you violate basic privacy by sending the password to the person in clear/plain text.

If you are going to do this. PLEASE PLEASE PLEASE modify your registration paragraph to state that you will be sending that password to them in clear text. If they pride themselves in a fairly confidential password, use a temporary password.... and then change it after initial logon.

Thank You!

drwiremore
Beginner
Beginner

Posts Posts : 4
Joined Joined : 2009-10-11
OS OS : XP SP3, Palm OS,
Points Points : 26156
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Disappointed, you send a PASSWORD in plain text...

Post by Belahzur on 11th October 2009, 4:37 pm

I don't understand, we don't and never have/never will ask for anyone's password? The details entered are kept private under MD5 hash, and no one can see them, not even me.


@RealBelahzur - [Prework] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Disappointed, you send a PASSWORD in plain text...

Post by drwiremore on 11th October 2009, 7:05 pm

@Belahzur wrote:I don't understand, we don't and never have/never will ask for anyone's password? The details entered are kept private under MD5 hash, and no one can see them, not even me.

Thanks for your reply, but perhaps I didn't No way! write my thought clearly, or you misunderstood. Let me think Sorry either way. I didn't say "ask" I said "send" or publish. You state: "No can see them?(password)" The system is encrypted... then why send that same password to the user in plain sight? And if you change a password, you do NOT send subsequent passwords via email. What is the difference?

Since a newbe probably has limited numbers of passwords they use, then why compromise the one they used to register on this site with a plain/text email message displaying that password? Worse, and shame on you (geekpolice, not personal), you encourage the new user (by email) to "Please keep this email in your savebox" which is both their username and their password. Yes, save your username.... but for goodness sake, do not save your password on paper, on a potentially compromised system, heck don't save a password on any system in clear text. Very Bad Practice. (In my humble opinion; shared by NIST, ISO, and ISC2 as well.) ~dw Shh a secret

drwiremore
Beginner
Beginner

Posts Posts : 4
Joined Joined : 2009-10-11
OS OS : XP SP3, Palm OS,
Points Points : 26156
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Disappointed, you send a PASSWORD in plain text...

Post by MrMario on 12th October 2009, 12:46 am

GeekPolice doesn't have control of this and the only host that does it Frotumotion.com.

I am a Global Mod over there and I can say that no one else can see your password besides you. If you wish you can go ahead and contact are Admin who is Typlo about this matter so that he can pass it along the rest of the tech team. The only thing would be that it might not be possible seeing that Forumotion picks what they want and what the techs can do at the time. So please don't get made at GeekPolice since they don't have any control of this.

MrMario
Intermediate
Intermediate

Posts Posts : 182
Joined Joined : 2009-04-14
Gender Gender : Male
OS OS : Windows 7 Home Premium
Protection Protection : Avast and Malwarebytes' Anti-Malware
Points Points : 29186
# Likes # Likes : 0

View user profile

Back to top Go down

Fix the message, if you can't fix the process itself.

Post by drwiremore on 12th October 2009, 2:12 am

I put in all those funny icons... I'm not upset; perhaps disappointed. If we (those of us that fight malware, virus and bad stuff that protect our computer's integrity and privacy) don't take that same security and privacy seriously, then who will.

I figured you didn't own the process.... but YOU do own the message. It is within your capability to change your welcome message.... prompting a person to register by including something that says your password will be mailed to you. Simple to fix... don't make a big deal about it... just consider what you are trying to represent... and make a small fix in the verbage.... as I said before, and as you said: this is hosted, you can't control the process... but YOU can control the text in the box to register. ~dw My Buddy

drwiremore
Beginner
Beginner

Posts Posts : 4
Joined Joined : 2009-10-11
OS OS : XP SP3, Palm OS,
Points Points : 26156
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Disappointed, you send a PASSWORD in plain text...

Post by megatails5 on 12th October 2009, 6:40 pm

it all seems a bid padantic (or however its spelt) that you care so much about us being emailed our passwords. It is likely an automated system that sends each new user their details so they don't forget, and (if like me) people use yahoo mail, it is an incredibly secure mail service that is difficult to compromise. Your worries are that of other people hacking the account (understandable) and then seeing the password, only to then know what it is because of the email. But seriously, people have more than one password, especially people who have a computer network at their school (given a username and password) or workplace. If we cared as much as you do about our privacy,we would delete those emails, i personally do delete most emails that tell me my password, but for the simple fact i can remember it.
I wouldn't make such a big deal, but you obviously take computer virus's seriously so i won't judge you, all i'm saying is that our privacy is up to us, not the website that gives people an option to delete or keep the email...



megatails5
Senior
Senior

Posts Posts : 228
Joined Joined : 2009-03-16
Gender Gender : Male
OS OS : Windows Vista 64bit
Protection Protection : Malwarebytes, Windows Security Essentials
Points Points : 28880
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Disappointed, you send a PASSWORD in plain text...

Post by drwiremore on 12th October 2009, 6:58 pm

@megatails5 wrote: It is likely an automated system that sends each new user their details so they don't forget, and (if like me) people use yahoo mail, it is an incredibly secure mail service that is difficult to compromise.
Respectfully, Bow or Thanks Sending passwords in any form (mail included) is bad practice. Worse if you are held to a higher standard, aka: geek police.

If we are going to send someone (even one time) their password in clear text...tell them about it as part of the "automated" registration process before hand." Shh a secret

Moderator: You can close this topic. Thanks for sharing your thoughts. ~dw

drwiremore
Beginner
Beginner

Posts Posts : 4
Joined Joined : 2009-10-11
OS OS : XP SP3, Palm OS,
Points Points : 26156
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

Post new topic   This topic is locked: you cannot edit posts or make replies.
 
Permissions in this forum:
You can reply to topics in this forum