Sour Grapes
Of course we're Fair and Balanced!

Opinions are the author's and are not necessarily shared by Blogger, SDF, my employer or my family, but they should be.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 Unported License.


Blog home
Blog archives
Web home
Contact
Legend Consulting
Justin's blog
(not updated since Aug 2009)

Entire web This site
Search this site (powered by FreeFind)

Blogs and such

e-mail lists

Other

Results of 2 Nov 2004 General Election (winners in bold; click on office for more detail)

Tools



since 12 Apr 2004

Locations of visitors to this page
Where in the world are visitors to this page located?
(Month-to-date totals since 15 July 2007)

2013-07-25

Isn't this a security lapse?
I recently wrote to a website I use regularly:
I changed mobile phones recently. When I try to log in to <appname> Android app, I keep getting the message, "Your nickname or password is incorrect. Please try again." I use a password program to generate and store passwords for all my apps and so I copy and paste my nickname and password rather than typing it in. After getting this message several times in a row, I followed the instructions to change my password. After re-entering my nickname and password at the website I was directed to, I am still unable to log in. I never had anything like this problem before.
Before they responded, I determined that the problem was special characters that I force the inclusion of in generated passwords; one of those characters in this password was a backslash (or reverse solidus, "\"), which I suspect was interpreted as an escape character (Unix/Linux programmers will understand why I so suspect). So I changed my password to consist of only upper- and lower-case letters and numbers.  My problem disappeared.

A short while later I received the following reply in clear text:
Hello <username>,

Here is your username: <username>
Here is your password: <password>

Please note that this may be case-sensitive on some mobile devices.

Let me know if you have any further questions or problems.

Regards,
Emailing password in clear text is not secure.  Furthermore, I wouldn't have thought the site administrator had access to my password other than in its encrypted form.

Qui utitur passwords, cave!

Original post by Namenlosen Trinker at 7/25/2013 11:13:00 AM Eastern time :: 0 comment(s) ::

0 comment(s):

Post a Comment



Blog home
 Blog archives
         2003
         2004
         2005
         2006
         2007
         2008
         2009
         2010
         2011
         2012
         2013

Justice (Civil Liberties, so-called Intellectual Property, Privacy & Secrecy); Politics & Government (International, National, State, Local); Humor (Irony & the Funny or Unusual); Science & Technology (Astronomy, Computers, the Internet, e-Voting, Crypto, Physics & Space); Communication (Books, Film, Media, Music & the English Language); Economics (Corporatism & Consumerism); and Items of Purely Personal Note (including Genealogy, Photography, Religion & Spirituality).