cawpin
Posts: 1
Joined: 11/1/2007 Status: offline
|
I'll be adding this site to the list of sites that I probably won't be using. I registered last night to download a firmware for my DVD writer. During that process i was sent an email to confirm my account. This is standard procedure. After confirmation, however, I was sent another email containing my username AND PASSWORD IN PLAIN TEXT. This is absolutely ridiculous. First, email is not protected nor encrypted in any way and you sent my password in plain text. Second, my password shouldn't be retrievable at all, by anyone. If it needs to be reset it should be reset to a temporary one and THAT should be sent to me in email and I can then change it to what I want. This is an automated process and isn't hard to set up. In fact it is the default behavior on most forum software which means somebody intentionally changed it to its current behavior. There is no excuse for this kind of lax security. Whoever runs this forum isn't doing their job. You don't send people's passwords to them, you just DON'T.
< Message edited by cawpin -- 11/2/2007 9:17:36 AM >
|