Security warning
March 24, 2015 at 7:42 am #10059
I attempted to have this conversation with Johnny, but as you can see below that did not go well, as I wanted to warn people. Your passwords are both stored in plain text (this means that if there is a data leak the passwords are not encrypted but just there in plain text), and further, sending them in plain text via email makes it much more likely that your password and email combination can be intercepted and used to access other accounts with the same password (especially if they also have the same email address).
What you should do: consider changing the passwords on any accounts on other websites which have the same password as here. This is especially true for accounts which also use the same email address or which are important to not compromise (PayPal, Facebook etc). Do not change the password on this account (unless the system is changed to make it secure), as you will just be exposing another password to the same risks. Remove data from your account which you do not want to risk being exposed.
Users can find more information here: http://plaintextoffenders.com/faq/non-devs
Johnny, you can find more information here: http://plaintextoffenders.com/faq/devs
There is more information for everyone at http://www.technologyreview.com/news/518056/why-e-mail-cant-be-completely-private/
The conversation so far, which has led to me making this post since this, as an issue, has just been denied, is attached to this post or below:
March 24, 2015 at 9:47 am #13854
Anonymous
There are quite a few websites that, when you join up, send you an e-mail containing your e-mail address & password. But they usually force you to complete your registration by logging in again & then force you to change your password. This is to prove you are the owner of the e-mail address and not someone maliciously giving out other people’s e-mail addresses.
For example, I could sign up someone to a porn site against their knowledge; they would then receive a confirmation e-mail, which they could decline, but worse still, their e-mail address is now going to be targeted by a porn site, which will sell that e-mail address on to other porn sites… result: mega porn junk e-mails.
As for creating passwords, it is common knowledge not to reuse the same password for every website you use; that is very unwise, but unfortunately a lot of trusting people fall into that trap.
As for data protection, that can be a global issue, as some countries have different rules about data protection; what applies to the EU may not apply outside the EU and in the USA!
Finally, beware of people giving you websites to click on in e-mails and in chat forums! The general rule is, if you don’t know them, avoid the link like the plague. That’s where virus software gets silently put on your PC without your knowledge, or worse still, you think you are signing into your trusted site, when in fact you are signing into a fake site which stores your password; they then use that to sign in to the real site and buy things with your credit card.
March 25, 2015 at 9:56 am #13868
@sxpoet Certainly people need to confirm their email, but this has *nothing* to do with the password, as it’s a password that you set on signup, so either an email with a randomly generated password (not by the user) which is then changed or just a confirmation link for your email would be suitable. Neither of these is the case here and this is completely unrelated to the situation here.
Update: Johnny has said that a second email if your password is changed will not be emailed out, so it is worthwhile changing your password, but please not to the same as any other account, as there is still a security risk as it seems to be stored as plain text. I’m going to test this now.
March 25, 2015 at 10:30 am #13869
I had similar problems on YouTube and with my YouTube account; only someone had managed to delete some of my videos or post comments on other people’s channels; comments that I would never make; so I had to make some changes and for myself that meant getting away from Yahoo. Thanks for sharing this info!
March 25, 2015 at 11:05 am #13870
The email settings have been changed to not include passwords. Anyone who forgets their signup password can simply reset it by clicking the “forget your password?” link on the sign in page, which by the way is now linkable from the top menu since the site update.
cheers guys
Johnny
March 25, 2015 at 11:58 am #13871
Anonymous
Ok – ravensflight – see what you mean, but like I said, I have joined some websites in the past where you have to sign up with your own password, not a site-generated one; then the same sites sent me an e-mail showing me my e-mail address & the password that I joined the site with. Then they gave a link in the e-mail to confirm my registration, which I did, and when I clicked on it, they forced me to change my password when I went back into the site.
The only way I could have got back into their site was via the link in the e-mail! Otherwise it wouldn’t recognise my e-mail signup address!
This goes back years ago, and that practice is outdated.
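
An added example, not part of the original thread or the site's own code: a sketch of the registration flow argued for in the first post and in the reply about confirmation links, where the password is kept only as a salted hash and the confirmation email carries a one-time link instead of the password. The `users` dict, the function names, the iteration count and the `forum.example` URL are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256
users = {}            # email -> record; stands in for the site's user table


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def register(email, password):
    """Store only salt + hash and return the confirmation email body."""
    salt = secrets.token_bytes(16)
    token = secrets.token_urlsafe(32)
    users[email] = {
        "salt": salt,
        "pw_hash": _hash_password(password, salt),
        # Only a hash of the token is kept, so a leaked table
        # cannot be used to confirm pending accounts.
        "token_hash": hashlib.sha256(token.encode()).digest(),
        "confirmed": False,
    }
    # The email proves ownership of the address; it never contains the password.
    return f"Confirm your address: https://forum.example/confirm?token={token}"


def confirm(email, token):
    """Mark the address as confirmed if the one-time token matches."""
    rec = users.get(email)
    if rec is None or rec["token_hash"] is None:
        return False
    supplied = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(rec["token_hash"], supplied):
        return False
    rec["confirmed"], rec["token_hash"] = True, None  # token is single use
    return True


def login(email, password):
    """Recompute the hash from the stored salt and compare in constant time."""
    rec = users.get(email)
    if rec is None or not rec["confirmed"]:
        return False
    return hmac.compare_digest(rec["pw_hash"], _hash_password(password, rec["salt"]))
```

A forgotten password is handled the same way as confirmation: a single-use reset link is mailed out, and the old password is never recoverable from what is stored.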