Author Topic: username and password emailed in plaintext? that's a no-no  (Read 1862 times)

0 Members and 1 Guest are viewing this topic.

Offline on0bi

  • New Member Group
  • *
  • Posts: 1
username and password emailed in plaintext? that's a no-no
« on: June 28, 2011, 20:14:53 PM »
i just noticed that my username and password was emailed to me in plain text when i registered on the forums. that's really not cool. if any of our email accounts were to get hacked by some lamers, then that straight up gives them full access to post spam and bullshit under our names on the forum. i've deleted the message, like i do with most of those types of emails regardless, but it's still a concern.

please modify your registration email to not have such sensitive details included

thanks

Offline Nefn

  • Full Member
  • ***
  • Posts: 110
Re: username and password emailed in plaintext? that's a no-no
« Reply #1 on: June 28, 2011, 21:04:01 PM »
I noticed the same. Afaik, the trick is then to go back in and quickly change your password on the forums.

Offline Ohm Ω

  • Member
  • *
  • Posts: 21
Re: username and password emailed in plaintext? that's a no-no
« Reply #2 on: June 30, 2011, 11:52:10 AM »
I think there isnt too much to worry about,  I think contact staff via email or start a new acvcount and PM if there are any issues concerning passwords or hyjacked accounts.  They need to know if there is any horse play so they can sort it out pronto.

Some members might put an easy password in so I think the forums are bound to experience a little mischief at times.

Good suggestion Nefn.  Change your password if this worries you.  I think it is good that administration here apears to be very professional..

Offline StrryIddChilld

  • New Member Group
  • *
  • Posts: 1
Re: username and password emailed in plaintext? that's a no-no
« Reply #3 on: July 05, 2011, 03:27:43 AM »
I'm a bit surprised by the LOW level of security on this forum,
which is understandable for a template... BUT I think this forum needs the security settings Optimised.
When I joined the forum, the server sent my username and password plaintext , no biggy to me, I quickly changed it..
but to the unsuspecting it is a sure trap some if they take too long to change the password will probably be hijacked.
I also noticed that when we reset our password it sends our IP ADDRESS to our email.
I know it's a safety measure but for a different situation.
why use HTTPS if we leak personal data through insecure channels ???
  O:)

Basically the server should send as little info as possible to unencrypted emails addresses.
« Last Edit: July 05, 2011, 09:53:49 AM by Z »