Autosurf Account Security Issues

rushourgraffic · #1 06-19-2006, 04:17 AM

This goes out to ALL admins, webmasters, scriptwriters, programmers in the Autosurf industry.

I am a newbie to AS (4 months) but I would think that the programs out there would have some modicum of sense when it comes to users account security.

I have just changed the passwords on 4 of the programs I have signed up with and each one sent me a PLAIN TEXT EMAIL with my password clearly shown in the text. Now come on. How many email relays do you think those messages went through before it got to me? Anywhere along the chain, someone could pick off a copy and hack my accounts!

None of the payment processors, (or banks or ebay) EVER sends out passwords through the email! Why do these programs?

Can we get some changes to the scripts NOT to send passwords through the email? It can't be that hard. And with all the programs touting "New security features" this is a GLARING HOLE in all of it.

Sorry for ranting, but this really needs to be addressed.

orchid88 · #2 06-19-2006, 07:45 AM

you're right...all the sites sent me PW thru emails. though i deleted all of them, i doubt if none has ever had a quick look on it

rushourgraffic · #3 06-20-2006, 10:15 AM

It's not the "quick look" you need to be worried about. It's the email routing system that "copies" your email before sending it on to you and forwards the copy to another address where they can take a "long look" at their leisure.

neversay · #4 06-20-2006, 01:45 PM

I would not see any other way of sending new pass to member which is cost effective.

CashMonster · #5 06-20-2006, 02:07 PM

mabe you could just not send the emails out at all and only if u forget your password u get a email with your password in

rushourgraffic · #6 06-21-2006, 06:37 AM

Quote:

Originally Posted by neversay

I would not see any other way of sending new pass to member which is cost effective.

The main problem, is after the member SETS their password, an email is sent to them with it in plain text. They already know the password. If they forget the password, there should be a secret question that they set when they signed up that they can use to reset the password and allow them in. Then they can reset their password at the site.

One other thing - logins are not in https (secure site)

bad form, but what else is new?

neversay · #7 06-21-2006, 07:21 AM

Well not many DataCenter will give you SSL certificate. So only big site could have https