Download MetaTrader 5

On password security

To add comments, please log in or register
PassingBy
9
PassingBy 2012.12.02 05:16 

G'day all,

 

I'm a new-join, so tread lightly on me, please.

 

I have a concern with the community sign-up process. You may have been a member here so long that you have forgotten this, but on registering now you are sent the usual activation email. That email naturally includes the activation link, but then immediately the link is the following:

 

"After activation, you may use the following login and password:


Login: PassingBy

Password: 'your submitted password' " !!!

 

 IN CLEAR !! 

 

The Login & Password I just chose!

 

I was gob-smacked to see this. I have recently updated all my passwords, consolidating them into different security catagories, i.e. very high (for banking & finacial matters) in four stages down to a generic 'why on earth would this foolish site want a password for - here, use this'  level.

 

I find it incredible that a group whom I would have thought had a good grasp of the 'net, would send in clear the password that a new client/ User/ subscriber has elected.

 

Indeed: I consider that it should be illegal for ANY organization to effectively compromise any person's security by revealing a person's password.


May I suggest that 'you':

consider your procedures, and at first opportunity review this gross  security breach

Contact all your members, and notify them that all passwords are going to deactivated soon

Suggest to all users that they consider the implications of their passwords in  wider use, if they do use a few passwords for many sites

Include the strip by xkcd: http://www.explainxkcd.com/2011/08/10/password-strength/

 

In the meantime I'm off to try to change that password and avoid being clearly told about it.

 

Cheers

JenC 

phi nuts
2184
phi nuts 2012.12.02 06:08  
PassingBy:

G'day all,

...


Login: PassingBy

Password: 'your submitted password' " !!!

 

 IN CLEAR !! 

 

The Login & Password I just chose!

 

...

 

I find it incredible that a group whom I would have thought had a good grasp of the 'net, would send in clear the password that a new client/ User/ subscriber has elected.

 

Indeed: I consider that it should be illegal for ANY organization to effectively compromise any person's security by revealing a person's password.

...

 

Cheers

JenC 

Hi PassingBy,

1. Your email is secure right ?, I mean no one except you have access to your email, and you do know how to delete your email, right ?

2. I highlighted some of your comment there. Are you saying that MetaQuotes is not supposed to send clear-and-readable password to the right password owner to the owner email ? What if the user forgot his/her password ?

3. In your profile's security tab, make sure you also include your mobile phone number and if you have static IP, also check "Control session by IP".   

MetaQuotes
Admin
25034
Renat Fatkhullin 2012.12.02 14:21  
We do not use clear passwords in our databases.
Oyebimpe Adeola Ojetunde
493
Oyebimpe Adeola Ojetunde 2012.12.02 17:28  
I suggest MetaQuotes should not send clear-and-readable password to the right password owner to the owner email since the owner can easily reset his/her password in the login page of the website because if hackers hack the e-mail, they can easily get all necessary privacy details to loging to this site on owners behalf and perform some illegal/legal action.
Moses Olawale  Ajayi
2398
Moses Olawale Ajayi 2012.12.02 17:49  
oyebimpe:
I suggest MetaQuotes should not send clear-and-readable password to the right password owner to the owner email since the owner can easily reset his/her password in the login page of the website because if hackers hack the e-mail, they can easily get all necessary privacy details to loging to this site on owners behalf and perform some illegal/legal action.

You have read my mind, oyebimpe

Good comment.


phi nuts
2184
phi nuts 2012.12.04 05:25  
oyebimpe:
I suggest MetaQuotes should not send clear-and-readable password to the right password owner to the owner email since the owner can easily reset his/her password in the login page of the website because if hackers hack the e-mail, they can easily get all necessary privacy details to loging to this site on owners behalf and perform some illegal/legal action. 

You have read my mind, oyebimpe

Good comment.

Well, if the email is hacked, then the email-owner should worry more than just his/her mql5 login (S/he should worry more about some ID and personal and financial data being stolen), coz who knows, what is in one's email.

That's actually my first question to PassingBy who start this topic, is your email safe ? 

To add comments, please log in or register