Do not send password in confirmation email!

herojoker

Newbie

Offline

Posts: 5

Do not send password in confirmation email!

« on: January 21, 2009, 06:51:29 PM »

I, after registering I noticed that my password has been sent to me in the confirmation email.
I suggest to immediately calculate the hash and forget the original password as soon as possible in the data processing.

So logging in works as follows:

User enters password, server creates hash, compares created hash with hash of the known password, if they are identical the user is authorized.

I think sending the password via email is not necessary.


	Logged

scott1256ca

Newbie

Offline

Posts: 14

Re: Do not send password in confirmation email!

« Reply #1 on: August 11, 2009, 04:09:53 AM »

I signed up yesterday and was not very pleased that Comodo chose to send my password back to me in unencrypted email. What are you thinking? The OP posted this MONTHS ago, and you still have not addressed the issue???

Like many people, I have signed up at several different and diverse forums, and I tend to use the same password for each. I can't believe that a company dedicated to internet security would send the password back to me this way!

Please change this policy, or at least explain why you think it is necessary to send our passwords back to us? Also please explain why no one ever responded to the OP's post.

Thanks


	Logged

LaserWraith

Usability Study Member
Comodo's Hero

Offline

Posts: 3238

BSOD is my friend. He should be yours!

Re: Do not send password in confirmation email!

« Reply #2 on: August 11, 2009, 07:36:36 PM »

I assume you are talking about this forum registration...and I'm not sure if Comodo can do anything about it. This forum is powered by SMF.


	Logged

In peace sons bury fathers; in war fathers bury sons.

Visit my site!

Some of my articles - click for blog page.

Jacob

Global Moderator
Comodo's Hero

Offline

Posts: 514

Re: Do not send password in confirmation email!

« Reply #3 on: August 11, 2009, 11:06:41 PM »

Quote from: LaserWraith on August 11, 2009, 07:36:36 PM

I assume you are talking about this forum registration...and I'm not sure if Comodo can do anything about it. This forum is powered by SMF.

I believe you are right. I've search'd for a "Mod" at smf but Couldn't find anything resulting in a "defualt password first then change after first login"....

Jacob


	Logged

The Forum Policy
-My System Specs-
500 GB HD
4 GB RAM
Win7 (WinXP/WinVista/Fedora In VM)

scott1256ca

Newbie

Offline

Posts: 14

Re: Do not send password in confirmation email!

« Reply #4 on: August 12, 2009, 04:49:51 AM »

It is still Comodo's forum, and they are the ones responsible for its operation. Perhaps Comodo has been in touch with SMF and asked them to change this policy, or asked how they can change it, but there is no evidence that I have seen that they have done even this. Thanks for your input though.


	Logged

LaserWraith

Usability Study Member
Comodo's Hero

Offline

Posts: 3238

BSOD is my friend. He should be yours!

Re: Do not send password in confirmation email!

« Reply #5 on: August 12, 2009, 10:08:37 AM »

If you really want this you can post it in the SMF Forum:

Here, if you think it is a bug

Here, if you think it is a feature request


	Logged

In peace sons bury fathers; in war fathers bury sons.

Visit my site!

Some of my articles - click for blog page.

EricJH

Global Moderator
Comodo's Hero

Offline

Posts: 4156

Re: Do not send password in confirmation email!

« Reply #6 on: August 14, 2009, 08:21:57 AM »

Moved to the appropriate forum.


	Logged

Triple boot: XP SP3, Vista Ultimate 32 SP2 and Win7 RTM (default) , Always the latest CIS or CIS Beta (too lazy to update my sig) Athlon XP 2600 1 GB RAM. Opera Browser always using the latest snapshots; Opera 10.10 as of now

Tags: password email security

Pages: [1]

« previous next »

Jump to:

SSL Certificate

Free Virus Removal

Firewall

Page created in 0.039 seconds with 19 queries.

Design by 7dana.com