Old 03-22-2009, 04:59 AM   #1
thibaulthalpern
Evangelist
Posts: 478
Karma: 451808
Join Date: Feb 2009
Location: California, USA
Device: my two eyes, KLiiK, Sony PRS-700
Dangerous practices -- sending passwords

Just a word of warning to those of you who may be registering an account with BooksOnBoard or eBooks. They have this horrendous practice whereby they send you a confirmation email with the password you registered your account in. I have emailed both companies to alert them of the problem and to ask them to remedy the problem.

As many of you know, email is an insecure form of electronic transmission (unless you are using signed email or PGP, but 99% of email traffic is not using those forms of security) and companies should not be emailing you your passwords.

I'm surprised that in this day and age such "revolutionary" companies are still making mistakes like this that one would see in the early years of public usage of the internet circa 1993.
Old 03-22-2009, 05:10 AM   #2
HarryT
eBook Enthusiast
Posts: 65,465
Karma: 43935573
Join Date: Nov 2006
Location: UK
Device: Kindle Voyage, iPad Mini, iPhone 4, MS Surface Pro, N7
Quote:
Originally Posted by thibaulthalpern View Post
Just a word of warning to those of you who may be registering an account with BooksOnBoard or eBooks. They have this horrendous practice whereby they send you a confirmation email with the password you registered your account in. I have emailed both companies to alert them of the problem and to ask them to remedy the problem.

As many of you know, email is an insecure form of electronic transmission (unless you are using signed email or PGP, but 99% of email traffic is not using those forms of security) and companies should not be emailing you your passwords.

I'm surprised that in this day and age such "revolutionary" companies are still making mistakes like this that one would see in the early years of public usage of the internet circa 1993.
This is an entirely standard practice - indeed, I struggle to think of any site which DOESN'T e-mail you your password for your records.

Are you really so concerned about the security of your e-mail that you consider this to be a problem?
Old 03-22-2009, 06:27 AM   #3
Jill75
Zealot
Posts: 135
Karma: 150
Join Date: Mar 2009
Device: none
I also know that this is a standard to keep you informed of your username and password in which you registered. For some, the link to verify your account is also sent in the email to confirm if that is your email also and if you registered using that email add. No big deal with that one and others knowing it unless your email add is hacked.
Old 03-22-2009, 06:55 AM   #4
RobbieClarken
Addict
Posts: 372
Karma: 1002274
Join Date: Mar 2008
Location: Australia
Device: Kindle
Quote:
Originally Posted by HarryT View Post
This is an entirely standard practice - indeed, I struggle to think of any site which DOESN'T e-mail you your password for your records.

Are you really so concerned about the security of your e-mail that you consider this to be a problem?
I disagree. Very few e-commerce sites that I've subscribed to send passwords nowadays. I'm always quite shocked when I see my password in an email and make an effort to permanently delete that email immediately.

It is a security threat for me because I have my GMail on my iGoogle homepage. If I leave my computer unattended, anyone can see when I receive an email that begins:

Quote:
Thank you for registering with BooksOnBoard!
Your new username and password are as follows:
If I hadn't caught the message in time, nosey people might then be tempted to open that email.

I make sure to register on new sites with a temporary password and then change it to one of my standard passwords once I'm sure the site won't be reckless with my account details. I hope BooksOnBoard will change their policy of emailing passwords.
Old 03-22-2009, 06:57 AM   #5
rcuadro
Wizard
Posts: 1,688
Karma: 874275
Join Date: Nov 2008
Location: Virginia Beach, VA
Device: Kindle DX
Heck, when you forget your password, most sites will simply email it to you at your registered email address...
I am not really worried about it. If you are worried about it simply change it after getting your initial confirmation email
Old 03-22-2009, 07:02 AM   #6
mjh215
Guru
Posts: 989
Karma: 12653
Join Date: Apr 2008
Device: None of your business
Quote:
Originally Posted by HarryT View Post
Are you really so concerned about the security of your e-mail that you consider this to be a problem?
It is the transport that lacks security, once it is on your server you could have a very secure host. That is why you should always change any passwords emailed to you.

-MJ
Old 03-22-2009, 07:17 AM   #7
HarryT
eBook Enthusiast
Posts: 65,465
Karma: 43935573
Join Date: Nov 2006
Location: UK
Device: Kindle Voyage, iPad Mini, iPhone 4, MS Surface Pro, N7
Quote:
Originally Posted by mjh215 View Post
It is the transport that lacks security, once it is on your server you could have a very secure host. That is why you should always change any passwords emailed to you.

-MJ
... and then the site e-mails you the new password.
Old 03-22-2009, 07:24 AM   #8
mjh215
Guru
Posts: 989
Karma: 12653
Join Date: Apr 2008
Device: None of your business
Quote:
Originally Posted by HarryT View Post
... and then the site e-mails you the new password.
Is BooksOnBoard or eBooks actually doing that? I had gathered we were only discussing the initial registration. Most sites I've seen send confirmation emails informing that the password has changed but block out the password. Sending it out each time is disturbing.

-MJ
Old 03-22-2009, 07:28 AM   #9
HarryT
eBook Enthusiast
Posts: 65,465
Karma: 43935573
Join Date: Nov 2006
Location: UK
Device: Kindle Voyage, iPad Mini, iPhone 4, MS Surface Pro, N7
No, I don't think they do that - it's just the initial password.
Old 03-22-2009, 08:18 AM   #10
Over
Wizard
Posts: 1,449
Karma: 3949068
Join Date: May 2008
Location: Cascais, Portugal
Device: Cybook Gen3, Kindle DXi, Kindle 3, iPad and iPhone 4
Quote:
Originally Posted by epiphany View Post
I disagree. Very few e-commerce sites that I've subscribed to send passwords nowadays. I'm always quite shocked when I see my password in an email and make an effort to permanently delete that email immediately.

It is a security threat for me because I have my GMail on my iGoogle homepage. If I leave my computer unattended, anyone can see when I receive an email that begins:
That's the same as leaving your keys in the car. That's you who is having a risky behaviour. Sure, you can say a thief can break a window and start the engine easily, but that doesn't stop you from leaving the car in public places, right?

And as pointed, if you forget your password, they have to email it to you anyway.
Old 03-22-2009, 09:19 AM   #11
RobbieClarken
Addict
Posts: 372
Karma: 1002274
Join Date: Mar 2008
Location: Australia
Device: Kindle
Quote:
Originally Posted by Over View Post
That's the same as leaving your keys in the car. That's you who is having a risky behaviour. Sure, you can say a thief can break a window and start the engine easily, but that doesn't stop you from leaving the car in public places, right?

And as pointed, if you forget your password, they have to email it to you anyway.
You're right that people can alleviate the security risk but people don't for a variety of reasons (for me it would be too much of an inconvenience to log out of GMail all the time or create a separate email account just for sites like BooksOnBoard). That is why most websites don't email you your password. If you forget your password, BooksOnBoard will email you a new one which isn't a problem. The problem is that when you set a password, BooksOnBoard will email it and other people might see that email before you notice it.

It's not a problem for me because I'm careful with this sort of thing. But I think it is a bad policy because there are people who share email accounts and aren't as aware of online security risks.
Old 03-22-2009, 09:21 AM   #12
RobbieClarken
Addict
Posts: 372
Karma: 1002274
Join Date: Mar 2008
Location: Australia
Device: Kindle
Quote:
Originally Posted by HarryT View Post
No, I don't think they do that - it's just the initial password.
Actually they send out your password every time you change it (I just tested it).
Old 03-22-2009, 10:49 AM   #13
thibaulthalpern
Evangelist
Posts: 478
Karma: 451808
Join Date: Feb 2009
Location: California, USA
Device: my two eyes, KLiiK, Sony PRS-700
Quote:
Originally Posted by rcuadro View Post
Heck, when you forget your password, most sites will simply email it to you at your registered email address...
I am not really worried about it. If you are worried about it simply change it after getting your initial confirmation email
Not in my experience. Most eCommerce sites I've dealt with do not email the password in plain text.
Old 03-22-2009, 10:50 AM   #14
thibaulthalpern
Evangelist
Posts: 478
Karma: 451808
Join Date: Feb 2009
Location: California, USA
Device: my two eyes, KLiiK, Sony PRS-700
Quote:
Originally Posted by mjh215 View Post
It is the transport that lacks security, once it is on your server you could have a very secure host. That is why you should always change any passwords emailed to you.

-MJ
Exactly. It's when the email is in transit that I am fearful of. Email has to go through various servers before actually reaching the final server destination.
Old 03-22-2009, 11:10 AM   #15
HarryT
eBook Enthusiast
Posts: 65,465
Karma: 43935573
Join Date: Nov 2006
Location: UK
Device: Kindle Voyage, iPad Mini, iPhone 4, MS Surface Pro, N7
And what dire consequences might result from the interception of your BooksOnBoard password?
All times are GMT -4. The time now is 11:09 AM.


MobileRead.com is a privately owned, operated and funded community.