WiredWX Christian Hobby Weather Tools

Disappointed, you send a PASSWORD in plain text...
I'm new to this forum, but not new to malware and virus removal. It is with great disappointment that I see you violate basic privacy by sending the password to the person in clear/plain text.

If you are going to do this, PLEASE PLEASE PLEASE modify your registration paragraph to state that you will be sending that password to them in clear text. If they pride themselves in a fairly confidential password, use a temporary password.... and then change it after initial logon.

Thank You!

Re: Disappointed, you send a PASSWORD in plain text...
I don't understand, we don't and never have/never will ask for anyone's password? The details entered are kept private under MD5 hash, and no one can see them, not even me.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Disappointed, you send a PASSWORD in plain text...
Belahzur wrote:
I don't understand, we don't and never have/never will ask for anyone's password? The details entered are kept private under MD5 hash, and no one can see them, not even me.


Thanks for your reply, but perhaps I didn't write my thought clearly, or you misunderstood. Sorry either way. I didn't say "ask", I said "send" or publish. You state: "No one can see them? (password)" The system is encrypted... then why send that same password to the user in plain sight? And if you change a password, you do NOT send subsequent passwords via email. What is the difference?

Since a newbie probably has limited numbers of passwords they use, then why compromise the one they used to register on this site with a plain/text email message displaying that password? Worse, and shame on you (geekpolice, not personal), you encourage the new user (by email) to "Please keep this email in your savebox" which is both their username and their password. Yes, save your username.... but for goodness sake, do not save your password on paper, on a potentially compromised system, heck don't save a password on any system in clear text. Very Bad Practice. (In my humble opinion; shared by NIST, ISO, and ISC2 as well.) ~dw

Re: Disappointed, you send a PASSWORD in plain text...
GeekPolice doesn't have control of this and the only host that does is Forumotion.com.

I am a Global Mod over there and I can say that no one else can see your password besides you. If you wish you can go ahead and contact our Admin, who is Typlo, about this matter so that he can pass it along to the rest of the tech team. The only thing would be that it might not be possible, seeing that Forumotion picks what they want and what the techs can do at the time. So please don't get mad at GeekPolice since they don't have any control of this.

Fix the message, if you can't fix the process itself.
I put in all those funny icons... I'm not upset; perhaps disappointed. If we (those of us that fight malware, virus and bad stuff that protect our computer's integrity and privacy) don't take that same security and privacy seriously, then who will?

I figured you didn't own the process.... but YOU do own the message. It is within your capability to change your welcome message.... prompting a person to register by including something that says your password will be mailed to you. Simple to fix... don't make a big deal about it... just consider what you are trying to represent... and make a small fix in the verbiage.... as I said before, and as you said: this is hosted, you can't control the process... but YOU can control the text in the box to register. ~dw

Re: Disappointed, you send a PASSWORD in plain text...
It all seems a bit pedantic (or however it's spelt) that you care so much about us being emailed our passwords. It is likely an automated system that sends each new user their details so they don't forget, and (if like me) people use yahoo mail, it is an incredibly secure mail service that is difficult to compromise. Your worries are that of other people hacking the account (understandable) and then seeing the password, only to then know what it is because of the email. But seriously, people have more than one password, especially people who have a computer network at their school (given a username and password) or workplace. If we cared as much as you do about our privacy, we would delete those emails. I personally do delete most emails that tell me my password, but for the simple fact I can remember it.
I wouldn't make such a big deal, but you obviously take computer viruses seriously so I won't judge you. All I'm saying is that our privacy is up to us, not the website that gives people an option to delete or keep the email...


Re: Disappointed, you send a PASSWORD in plain text...
megatails5 wrote:
It is likely an automated system that sends each new user their details so they don't forget, and (if like me) people use yahoo mail, it is an incredibly secure mail service that is difficult to compromise.

Respectfully, sending passwords in any form (mail included) is bad practice. Worse if you are held to a higher standard, aka: geek police.

If we are going to send someone (even one time) their password in clear text... tell them about it as part of the "automated" registration process beforehand.

Moderator: You can close this topic. Thanks for sharing your thoughts. ~dw

............................................................................................

~dw

Community Help Here: Not more than you need; just more than you are used to getting.
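
The alternative this thread asks for, as an added example (not Forumotion's or GeekPolice's code): the welcome e-mail carries a single-use, expiring activation link instead of the password, and the server keeps only a salted PBKDF2 hash. The in-memory `db`, the function names, the `forum.example` URL, the 24-hour window and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 24 * 3600   # assumed activation window, in seconds
PBKDF2_ROUNDS = 600_000  # assumed work factor for this sketch

def hash_password(password, salt=None):
    """Derive a salted, deliberately slow hash; the password itself is never stored."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def register(db, username, email, password, now=None):
    """Create an inactive account and return the welcome e-mail body."""
    now = time.time() if now is None else now
    salt, digest = hash_password(password)
    token = secrets.token_urlsafe(32)
    db[username] = {
        "email": email, "salt": salt, "pw_hash": digest, "active": False,
        # Only a hash of the token is kept, so a database leak cannot activate accounts.
        "token_hash": hashlib.sha256(token.encode()).digest(),
        "token_expires": now + TOKEN_TTL,
    }
    return (f"Welcome {username}!\n"
            f"Activate: https://forum.example/activate?u={username}&t={token}\n"
            "This link works once and expires in 24 hours. "
            "Your password is not included in this message.")

def activate(db, username, token, now=None):
    """Accept the mailed token once, and only before it expires."""
    now = time.time() if now is None else now
    user = db.get(username)
    if not user or user["token_hash"] is None or now > user["token_expires"]:
        return False
    presented = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(user["token_hash"], presented):
        return False
    user["active"], user["token_hash"] = True, None  # burn the token
    return True

def check_password(db, username, password):
    """Log-in check against the stored hash, using a constant-time comparison."""
    user = db.get(username)
    if not user or not user["active"]:
        return False
    _, digest = hash_password(password, user["salt"])
    return hmac.compare_digest(digest, user["pw_hash"])
```

Anyone who later reads the saved welcome e-mail finds only a spent link, not a credential the user may have reused elsewhere.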
