Do not send password in confirmation email!

herojoker

Newbie

Offline

Posts: 5

Do not send password in confirmation email!

« on: January 21, 2009, 06:51:29 PM »

I, after registering I noticed that my password has been sent to me in the confirmation email.
I suggest to immediately calculate the hash and forget the original password as soon as possible in the data processing.

So logging in works as follows:

User enters password, server creates hash, compares created hash with hash of the known password, if they are identical the user is authorized.

I think sending the password via email is not necessary.


	Logged

scott1256ca

Newbie

Offline

Posts: 14

Re: Do not send password in confirmation email!

« Reply #1 on: August 11, 2009, 04:09:53 AM »

I signed up yesterday and was not very pleased that Comodo chose to send my password back to me in unencrypted email. What are you thinking? The OP posted this MONTHS ago, and you still have not addressed the issue???

Like many people, I have signed up at several different and diverse forums, and I tend to use the same password for each. I can't believe that a company dedicated to internet security would send the password back to me this way!

Please change this policy, or at least explain why you think it is necessary to send our passwords back to us? Also please explain why no one ever responded to the OP's post.

Thanks


	Logged

LaserWraith

pillow fighting fool
Usability Study Member
Comodo's Hero

Offline

Posts: 3666

Anything besides absolute truth is illogical.

Re: Do not send password in confirmation email!

« Reply #2 on: August 11, 2009, 07:36:36 PM »

I assume you are talking about this forum registration...and I'm not sure if Comodo can do anything about it. This forum is powered by SMF.


	Logged

COMODO Internet Security 4 Review
COMODO Time Machine Review
Are you clicking those links? Hmm?

Jacob

Global Moderator
Comodo's Hero

Offline

Posts: 546

Re: Do not send password in confirmation email!

« Reply #3 on: August 11, 2009, 11:06:41 PM »

Quote from: LaserWraith on August 11, 2009, 07:36:36 PM

I assume you are talking about this forum registration...and I'm not sure if Comodo can do anything about it. This forum is powered by SMF.

I believe you are right. I've search'd for a "Mod" at smf but Couldn't find anything resulting in a "defualt password first then change after first login"....

Jacob


	Logged

The Forum Policy
-My System Specs-
40 GB HD
1 GB RAM
WinXP Pro

scott1256ca

Newbie

Offline

Posts: 14

Re: Do not send password in confirmation email!

« Reply #4 on: August 12, 2009, 04:49:51 AM »

It is still Comodo's forum, and they are the ones responsible for its operation. Perhaps Comodo has been in touch with SMF and asked them to change this policy, or asked how they can change it, but there is no evidence that I have seen that they have done even this. Thanks for your input though.


	Logged

LaserWraith

pillow fighting fool
Usability Study Member
Comodo's Hero

Offline

Posts: 3666

Anything besides absolute truth is illogical.

Re: Do not send password in confirmation email!

« Reply #5 on: August 12, 2009, 10:08:37 AM »

If you really want this you can post it in the SMF Forum:

Here, if you think it is a bug

Here, if you think it is a feature request


	Logged

COMODO Internet Security 4 Review
COMODO Time Machine Review
Are you clicking those links? Hmm?

EricJH

Global Moderator
Comodo's Hero

Online

Posts: 5815

Re: Do not send password in confirmation email!

« Reply #6 on: August 14, 2009, 08:21:57 AM »

Moved to the appropriate forum.


	Logged

Please read: Introduction to the Sandbox

Using CIS v4 and always the latest snapshot of Opera browser.

AMD Phenom 925 quad core with 4 GB RAM on MSI 785G E53

Tags: password email security

Pages: [1]

« previous next »

Jump to:

SSL Certificate

Free Virus Removal

Firewall

Page created in 0.2 seconds with 17 queries.

Design by 7dana.com