On password security

 

G'day all,

 

I'm a new-join, so tread lightly on me, please.

 

I have a concern with the community sign-up process. You may have been a member here so long that you have forgotten this, but on registering now you are sent the usual activation email. That email naturally includes the activation link, but then immediately after the link is the following:

 

"After activation, you may use the following login and password:


Login: PassingBy

Password: 'your submitted password' " !!!

 

 IN CLEAR !! 

 

The Login & Password I just chose!

 

I was gob-smacked to see this. I have recently updated all my passwords, consolidating them into different security categories, i.e. very high (for banking & financial matters) in four stages down to a generic 'why on earth would this foolish site want a password for - here, use this' level.

 

I find it incredible that a group whom I would have thought had a good grasp of the 'net, would send in clear the password that a new client/ User/ subscriber has elected.

 

Indeed: I consider that it should be illegal for ANY organization to effectively compromise any person's security by revealing a person's password.


May I suggest that 'you':

consider your procedures, and at first opportunity review this gross security breach

Contact all your members, and notify them that all passwords are going to be deactivated soon

Suggest to all users that they consider the implications of their passwords in wider use, if they do use a few passwords for many sites

Include the strip by xkcd: http://www.explainxkcd.com/2011/08/10/password-strength/

 

In the meantime I'm off to try to change that password and avoid being clearly told about it.

 

Cheers

JenC 

 
PassingBy:

G'day all,

...


Login: PassingBy

Password: 'your submitted password' " !!!

 

 IN CLEAR !! 

 

The Login & Password I just chose!

 

...

 

I find it incredible that a group whom I would have thought had a good grasp of the 'net, would send in clear the password that a new client/ User/ subscriber has elected.

 

Indeed: I consider that it should be illegal for ANY organization to effectively compromise any person's security by revealing a person's password.

...

 

Cheers

JenC 

Hi PassingBy,

1. Your email is secure, right? I mean, no one except you has access to your email, and you do know how to delete your email, right?

2. I highlighted some of your comment there. Are you saying that MetaQuotes is not supposed to send a clear-and-readable password to the right password owner at the owner's email? What if the user forgot his/her password?

3. In your profile's security tab, make sure you also include your mobile phone number and if you have static IP, also check "Control session by IP".   

 
We do not use clear passwords in our databases.
 
I suggest MetaQuotes should not send a clear-and-readable password to the right password owner at the owner's email, since the owner can easily reset his/her password on the login page of the website, because if hackers hack the e-mail, they can easily get all necessary privacy details to log in to this site on the owner's behalf and perform some illegal/legal action.
 
oyebimpe:
I suggest MetaQuotes should not send a clear-and-readable password to the right password owner at the owner's email, since the owner can easily reset his/her password on the login page of the website, because if hackers hack the e-mail, they can easily get all necessary privacy details to log in to this site on the owner's behalf and perform some illegal/legal action.

You have read my mind, oyebimpe

Good comment.


 
oyebimpe:
I suggest MetaQuotes should not send a clear-and-readable password to the right password owner at the owner's email, since the owner can easily reset his/her password on the login page of the website, because if hackers hack the e-mail, they can easily get all necessary privacy details to log in to this site on the owner's behalf and perform some illegal/legal action.

You have read my mind, oyebimpe

Good comment.

Well, if the email is hacked, then the email-owner should worry about more than just his/her mql5 login (s/he should worry more about some ID and personal and financial data being stolen), coz who knows what is in one's email.

That's actually my first question to PassingBy, who started this topic: is your email safe?
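
The alternative raised in this thread (an activation email that carries no password, with only a hash kept in the database) can be sketched as below. This is an added example, not part of any post and not MetaQuotes' code; the `forum.example` URL, the in-memory `USERS` table and all function names are assumptions.

```python
import hashlib
import hmac
import secrets
from email.message import EmailMessage

USERS = {}  # hypothetical stand-in for the site's user table

def _hash_password(password, salt):
    # Slow, salted hash: the clear password is never stored or mailed.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def register(login, password, email):
    """Store a password hash and return an activation email with a token only."""
    salt = secrets.token_bytes(16)
    token = secrets.token_urlsafe(32)  # random, single-use activation secret
    USERS[login] = {
        "salt": salt,
        "pw_hash": _hash_password(password, salt),
        # Only a hash of the token is kept, so a database leak cannot activate accounts.
        "token_hash": hashlib.sha256(token.encode()).digest(),
        "active": False,
    }
    msg = EmailMessage()
    msg["To"] = email
    msg["Subject"] = "Activate your account"
    msg.set_content(
        f"Hello {login},\n\nActivate your account here:\n"
        f"https://forum.example/activate?login={login}&token={token}\n\n"
        "Your password is not included in this message. If you forget it,\n"
        "use the reset link on the login page.\n"
    )
    return msg

def activate(login, token):
    """Accept the emailed token once, compared in constant time."""
    user = USERS.get(login)
    if user is None or user["token_hash"] is None:
        return False
    presented = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(presented, user["token_hash"]):
        return False
    user["active"] = True
    user["token_hash"] = None  # token cannot be replayed from an old email
    return True

def check_login(login, password):
    user = USERS.get(login)
    if user is None or not user["active"]:
        return False
    candidate = _hash_password(password, user["salt"])
    return hmac.compare_digest(candidate, user["pw_hash"])
```

Someone who later reads the mailbox finds only a spent activation token, and a forgotten password is handled by a reset flow rather than by keeping a readable copy in email.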
