The logic behind forgot password on the Sphinn.com website could hurt the site in the long run! These are steps to be taken on-site, and they explain how important a small technical part of a website is. It is not too late for Sphinn.com: just take a couple of hours with the development team and fix the logic. And if you have the same sort of logic in your website, take action right now. Read more for details.
5 Comments     

Comments

from Feydakin 312 days ago #
Votes: 2

I have to ask, did you contact them about this before you made your blog post??

from evilgreenmonkey 312 days ago #
Votes: 0

This post is very misleading. Passwords are only reset after email verification - if you don't click the link in the email, your password isn't reset. We also tell people to change the password as soon as they log in with the default password. This was already on our radar, and we will be changing the process of resetting a password. It is not, however, a security risk.

from shiva 312 days ago #
Votes: 0

I agree the passwords are reset only after email verification; I have not written anything about that in the post - what I was pointing out is that the password is reset to "password" for everyone who does that and not auto-generated - I am glad it is on the radar and actions are being taken.

  

from shiva 312 days ago #
Votes: 0

@Michelle:

Hi, again, I have not misinterpreted how an activation email is sent, and I didn't question that at all and didn't go to that topic anywhere. Being a technical person myself - I would not approve a logic that gives a standard password to anyone who resets their password.

Assume we have a banking application and if and when a user (and that too any user) resets their password, if the application changes the password to be password - will we agree?

from mychildbook 57 days ago #
Votes: 0

Hm, maybe it is not such a big problem that the password is changed to the default "password" phrase, but for me the problem was where to change the password. They said only to change the password when you log in again, but they don't say where to click to change it... I'm not new to the internet and computers, but despite that, it took me more than 15 minutes to find the way. Try to imagine how much time it would take for an inexperienced person to find it? Or a person who is not so good in English? And try to imagine that during that time someone can succeed in hacking somebody's account.
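
Added example, not part of the original thread and not Sphinn's code: a Python sketch contrasting the reset behaviour discussed in the comments (every verified reset sets the password to "password") with a per-reset generated temporary password that expires and must be replaced at first login. The `Account` class, its method names and the 15-minute lifetime are assumptions for illustration; email verification is taken as already completed before either reset method is called.

```python
import hashlib, hmac, secrets, time

TEMP_TTL = 15 * 60  # assumed policy: seconds a temporary password stays valid

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:  # hypothetical model of one user record
    def __init__(self, name):
        self.name = name
        self.salt, self.pw_hash = b"", b""
        self.must_change, self.expires_at = False, None

    def _store(self, password, must_change, expires_at):
        # Only a salted hash is kept; the plaintext is never stored.
        self.salt = secrets.token_bytes(16)
        self.pw_hash = _hash(password, self.salt)
        self.must_change, self.expires_at = must_change, expires_at

    def reset_fixed(self):
        """Behaviour described in the thread: every reset yields "password"."""
        self._store("password", False, None)
        return "password"

    def reset_generated(self, now=None):
        """Random per-reset value, short-lived, must be replaced at first login."""
        now = time.time() if now is None else now
        temp = secrets.token_urlsafe(12)  # 96 bits from the OS CSPRNG
        self._store(temp, True, now + TEMP_TTL)
        return temp  # sent to the verified address, shown nowhere else

    def login(self, password, now=None):
        now = time.time() if now is None else now
        if self.expires_at is not None and now > self.expires_at:
            return "expired"  # stale temporary credential: reset again
        if not hmac.compare_digest(_hash(password, self.salt), self.pw_hash):
            return "denied"
        # A temporary password only unlocks the change-password step.
        return "change_required" if self.must_change else "ok"

    def set_password(self, new_password):
        self._store(new_password, False, None)
```

With `reset_fixed`, anyone who knows an account was just reset can log in with the well-known value; with `reset_generated`, the credential is unique per reset, stops working after `TEMP_TTL`, and grants nothing beyond the forced change.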

