Your Passwort behavior
I find your behavior with the board passwords absolutely stupid.
First you force me to create a safe password and then you send it CLEAR TEXT by EMAIL to me!? Absolutely brilliant!
Why don't you send me a dummy password and force me to change it on the first login? This is much better than sending the real password in cleartext through the web.
At least you should WARN your users that you will send the password to them by mail.
Re: Your Passwort behavior
http://www.phpbb.com/
Go here and shake the monkey cage.
- lav_coyote25
- Professional
- Posts: 3434
- Joined: 08 Aug 2006, 23:18
Re: Your Passwort behavior
before a shooting war starts... let's not use harsh language please. if there is a problem with the site - as kamaze stated go to the source of the problem - which in this case is the phpbb coders. obviously they have missed something that you have caught - i am just wondering how many people using the same software have missed this oh so obvious glitch.
thanks for the feedback.
Re: Your Passwort behavior
KFlash wrote: Why don't you send me a dummy password and force me to change it on the first login? This is much better than sending the real password in cleartext through the web.
Without encryption both ways suck as both times you send your real password in cleartext through the web. Maybe that's why the phpBB developers decided to go this way.
- DevUrandom
- Regular
- Posts: 1690
- Joined: 31 Jul 2006, 23:14
Re: Your Passwort behavior
As it currently looks to me, we cannot disable that send-password feature without touching the code.
"Best" way is to never send the password and not store it anywhere either. Maybe you want to tell that to the phpBB devs.
And if I am not mistaken, you send the password unencrypted anyway, when logging into the forums. So it does not matter that much, since one or the other channel is unencrypted anyway.
What helps against this? Do not use important passwords for web-authentication...
Re: Your Passwort behavior
I can change the E-Mail template to remove the password from it.
We all have the same heaven, but not the same horizon.
Re: Your Passwort behavior
DevUrandom wrote: Do not use important passwords for web-authentication...
Better: Never use the same password twice. :X
Re: Your Passwort behavior
Quote: I find your behavior with the board passwords [sic] absolutely stupid. First you force me to create a safe password and then you send it CLEAR TEXT by EMAIL to me!? Absolutely brilliant!
Actually, it is safer to send it via e-mail than it is over plain HTTP.
Fact is if your mail server is competent in the least it will support TLS. When the wz2100.net MTA opens a connection to your MTA it will see that it supports TLS and use it. As a result the message is encrypted.
Next, if your IMAP/POP3 server and mail client are competent in the least, SSL will be used to transfer/copy the message to your computer.
Now, that seems quite secure to me. (Unless you cannot trust the location where your mail is kept/stored, in which case you've got bigger problems.)
Furthermore, the password reset functionality also makes use of e-mail. It generates a code in the form of a link which is then e-mailed to you.
It is only insecure if others have access to your e-mails, again, in which case you've got bigger problems.
Regards, Freddie.
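
The reset-link mechanism mentioned in the last post, combined with the earlier suggestion to never send or store the password itself, as an added example (not part of any post in this thread and not phpBB's code). The names `PENDING`, `issue_reset_token`, `build_reset_link` and `redeem_reset_token`, the one-hour lifetime and the host `forum.example` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 3600   # assumed lifetime for a reset link
PENDING = {}               # user_id -> (sha256 of token, expiry); stands in for a DB table


def issue_reset_token(user_id, now=None):
    """Create a one-time token; only its hash is kept server-side."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)   # 32 random bytes from the OS CSPRNG
    digest = hashlib.sha256(token.encode()).hexdigest()
    PENDING[user_id] = (digest, now + TOKEN_TTL_SECONDS)
    return token                        # appears in the e-mailed link only


def build_reset_link(user_id, token, base="https://forum.example/reset"):
    # forum.example is a placeholder host, not a real site
    return f"{base}?u={user_id}&t={token}"


def redeem_reset_token(user_id, token, now=None):
    """Return True exactly once for a valid, unexpired token."""
    now = time.time() if now is None else now
    entry = PENDING.get(user_id)
    if entry is None:
        return False
    digest, expires = entry
    if now > expires:
        del PENDING[user_id]            # expired links are dropped
        return False
    candidate = hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(digest, candidate):
        return False                    # wrong token; the real one stays valid
    del PENDING[user_id]                # single use: a copy of the mail is useless afterwards
    return True
```

Unlike a password sent in the mail body, the token here expires, works once, and a copy of the stored table does not reveal it because only the SHA-256 digest is kept.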