03-22-2009, 03:59 AM | #1 |
Evangelist
Posts: 478
Karma: 451808
Join Date: Feb 2009
Location: California, USA
Device: my two eyes, KLiiK, Sony PRS-700
|
Dangerous practices -- sending passwords
Just a word of warning to those of you who may be registering an account with BooksOnBoard or eBooks. They have this horrendous practice whereby they send you a confirmation email with the password you registered your account in. I have emailed both companies to alert them of the problem and to ask them to remedy the problem.
As many of you know, email is an insecure form of electronic transmission (unless you are using signed email or PGP, but 99% of email traffic is not using those forms of security) and companies should not be emailing you your passwords. I'm surprised that in this day and age such "revolutionary" companies are still making mistakes like this that one would see in the early years of public usage of the internet circa 1993. |
03-22-2009, 04:10 AM | #2 | |
eBook Enthusiast
Posts: 85,544
Karma: 93383043
Join Date: Nov 2006
Location: UK
Device: Kindle Oasis 2, iPad Pro 10.5", iPhone 6
|
Quote:
Are you really so concerned about the security of your e-mail that you consider this to be a problem? |
|
03-22-2009, 05:27 AM | #3 |
Zealot
Posts: 135
Karma: 150
Join Date: Mar 2009
Device: none
|
I also know that this is a standard to keep you informed of your username and password in which you registered. For some, the link to verify you account is also sent in the email to confirm if that is you email also and if you registered using that email add. No big deal with that one and others knowing it unless your email add is hacked.
|
03-22-2009, 05:55 AM | #4 | ||
Addict
Posts: 371
Karma: 1002274
Join Date: Mar 2008
Location: Australia
Device: Kindle
|
Quote:
It is a security threat for me because I have my GMail on my iGoogle homepage. If I leave my computer unattended, anyone can see when I receive an email that begins: Quote:
I make sure to register on new sites with a temporary password and then change it to one of my standard passwords once I'm sure the site wont be reckless with my account details. I hope BooksOnBoard will change their policy of emailing passwords. |
||
03-22-2009, 05:57 AM | #5 |
Wizard
Posts: 1,686
Karma: 874275
Join Date: Nov 2008
Location: Virginia Beach, VA
Device: Kindle DX
|
Heck, when you forget your password, most sites will simply email it to you at your registered email address...
I am not really worried about it. If you are worried about it simply change it after getting your initial confirmation email |
03-22-2009, 06:02 AM | #6 | |
Guru
Posts: 988
Karma: 12653
Join Date: Apr 2008
Device: None of your business
|
Quote:
-MJ |
|
03-22-2009, 06:17 AM | #7 |
eBook Enthusiast
Posts: 85,544
Karma: 93383043
Join Date: Nov 2006
Location: UK
Device: Kindle Oasis 2, iPad Pro 10.5", iPhone 6
|
|
03-22-2009, 06:24 AM | #8 |
Guru
Posts: 988
Karma: 12653
Join Date: Apr 2008
Device: None of your business
|
Is BooksOnBoard or eBooks actually doing that? I had gathered we were only discussing the initial registration. Most sites I've seen send confirmation emails informing that the password has changed but block out the password. Sending it out each time is disturbing.
-MJ |
03-22-2009, 06:28 AM | #9 |
eBook Enthusiast
Posts: 85,544
Karma: 93383043
Join Date: Nov 2006
Location: UK
Device: Kindle Oasis 2, iPad Pro 10.5", iPhone 6
|
Not, I don't think they do that - it's just the initial password.
|
03-22-2009, 07:18 AM | #10 | |
Wizard
Posts: 1,462
Karma: 6061516
Join Date: May 2008
Location: Cascais, Portugal
Device: Kindle PW, Samsung Galaxy Note Pro 12.2", OnePlus 6
|
Quote:
And as pointed, if you forget your password, they have to email it to you anyway. |
|
03-22-2009, 08:19 AM | #11 | |
Addict
Posts: 371
Karma: 1002274
Join Date: Mar 2008
Location: Australia
Device: Kindle
|
Quote:
It's not a problem for me because I'm careful with this sort of thing. But I think it is a bad policy because there are people who share email accounts and aren't as aware of online security risks. |
|
03-22-2009, 08:21 AM | #12 |
Addict
Posts: 371
Karma: 1002274
Join Date: Mar 2008
Location: Australia
Device: Kindle
|
|
03-22-2009, 09:49 AM | #13 |
Evangelist
Posts: 478
Karma: 451808
Join Date: Feb 2009
Location: California, USA
Device: my two eyes, KLiiK, Sony PRS-700
|
Not in my experience. Most eCommerce sites I've dealt with do not email the password in plain text.
|
03-22-2009, 09:50 AM | #14 |
Evangelist
Posts: 478
Karma: 451808
Join Date: Feb 2009
Location: California, USA
Device: my two eyes, KLiiK, Sony PRS-700
|
Exactly. It's when the email is in transit that that I am fearful of. Email has to go through various servers before actually reaching the final server destination.
|
03-22-2009, 10:10 AM | #15 |
eBook Enthusiast
Posts: 85,544
Karma: 93383043
Join Date: Nov 2006
Location: UK
Device: Kindle Oasis 2, iPad Pro 10.5", iPhone 6
|
And what dire consequences might result from the interception of your BooksOnBoard password?
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Classic Passwords etc | Pomtroll | Barnes & Noble NOOK | 3 | 04-03-2013 01:25 PM |
Is there a way to create new users and passwords in the built-in server? | txusti | Calibre | 5 | 10-05-2010 02:17 AM |
Confused by behavior of two pdfs w/permissions passwords, but no open passwords/DRM | grr | 0 | 12-21-2009 02:21 PM | |
How do you keep your e-book DRM passwords? | Bob Russell | Alternative Devices | 23 | 07-17-2008 02:34 PM |
IE security patch disables passwords in URLs | Alexander Turcic | Lounge | 0 | 02-09-2004 06:29 AM |