Security in the forum

system · December 13, 2007, 7:33am

You’re dealing with internet-security?
Why do you send me my password in an unsecure email if I don’t ask you for this???
Can’t you imagine that I don’t use a seperate password for each forum?
We’re living in 2007 and the internet wasn’t made up yesterday.
If you got such obvious security-problems, I don’t want to think about what’s happening with the rest of my personal data on your servers.

Best regards
Bye

ganda · December 13, 2007, 1:45pm

??? i think this guy is more paranoid than me (:TNG)

pierceive · December 16, 2007, 12:45am

I just came here to post exactly what the OP said. Sending passwords in cleartext is a great indicator of a complete lack of security (and I generally try to avoid doing business with any such sites). This has nothing to do with paranoia; it is a huge security risk to any and all users. There is no reason that my password should be stored anywhere but in my head or in an encrypted database.

system · December 16, 2007, 12:58am

I agree, lol… but also i see, The Reason for being such Hiped up by just a forum password…So Much info you can get …idk -cg

ganda · December 17, 2007, 3:16am

it’s just forum password, we shouldn’t use single password for forum,email, and internet banking. who wants to steal a forum password anyway (:TNG)

gordon · December 17, 2007, 12:47pm

Many boards send you your password by e-mail, f.ex if you forgot it, as a service…
usually they also tell you that the first thing you should do is change it ! …
… over SSL (HTTPS) of course
and you shouldn’t be using the same password for multiple accounts because there are punks who try to steal passwords and/or ■■■■■ accounts, God knows why …

By default EVERYTHING you send over the internet is in clear-text
and can be read by anyone with access to the wires, that’s just how networking was designed …
E-mails are like a postcard, all you need to read them is access .

You can use GPG http://www.gnupg.org/
to encrypt your E-mail but it requires that sender and receiver both have it installed
and it requires key-management,passphrases etc etc …

Theres a GPG-extension for Thunderbird available,
it works very well and is relatively simple to set up

Use a password-manager like KeePass http://keepass.info/
it also has a password-generator,that way you can have unique log-ins for each account
and only need to remember one master-password .
Your log-ins are stored in a 256bit AES encrypted database .

andyman35 · December 19, 2007, 3:31am

gordon post:6:

Many boards send you your password by e-mail, f.ex if you forgot it, as a service…
usually they also tell you that the first thing you should do is change it ! …
… over SSL (HTTPS) of course
and you shouldn’t be using the same password for multiple accounts because there are punks who try to steal passwords and/or ■■■■■ accounts, God knows why …

By default EVERYTHING you send over the internet is in clear-text
and can be read by anyone with access to the wires, that’s just how networking was designed …
E-mails are like a postcard, all you need to read them is access .

You can use GPG http://www.gnupg.org/
to encrypt your E-mail but it requires that sender and receiver both have it installed
and it requires key-management,passphrases etc etc …

Theres a GPG-extension for Thunderbird available,
it works very well and is relatively simple to set up
Enigmail :: Add-ons for Thunderbird

Use a password-manager like KeePass http://keepass.info/
it also has a password-generator,that way you can have unique log-ins for each account
and only need to remember one master-password .
Your log-ins are stored in a 256bit AES encrypted database .

<<<Uses Opera which has a highly secure password manager built in (:WIN)