Active discussions

Meet the Other Phone. Only the apps you allow.

Meet the Other Phone.
Only the apps you allow.

Buy now

Please or to access all these features

Talk
AIBU?

Share your dilemmas and get honest opinions from other Mumsnetters.

Original poster

..to think people shouldn't store your password or email it to you?

15 replies

PetraDelphiki · 29/09/2015 16:14

I just joined the National Landlords Association and they have very kindly just emailed me to tell me my account number and security code (in plain text)...honestly do they not know anything about computer security????

OP posts:
Original poster
PetraDelphiki · 29/09/2015 16:17

Particularly when they insist on extremely secure passwords - they won't let you enter one without numbers, letters and punctuation!

OP posts:
ItsAllGoingToBeFine · 29/09/2015 16:18

Well, obviously they need to store your password,but it should be encrypted, and no, they should not be emailing it to you in plaintext, although in reality the risk is fairly low.

NaughtToThreeSadOnions · 29/09/2015 16:19

Sites that do this tend to send out a unique but nonsense password say 23AbQwerty10 this is used to varify you've logged in for the first time and then when you log in you can not enter the actual site until you change the password!

NaughtToThreeSadOnions · 29/09/2015 16:20

Oh is it a password you've entered rather than one just given to you for the first log in then no they shouldn't be sending to you in plain text!

Original poster
PetraDelphiki · 29/09/2015 16:40

Nope it was the one I entered!! And they never need to store anything other than the hash of the password ! Good design suggests that you shouldn't be able to recover your password from their servers...if you lose it you should have to reset!

I know the risk is pretty low it just really annoys me!

OP posts:
coolsurfer · 29/09/2015 21:12

Mate no one is going to hijack your account. For what.....a landlord obligation legal guide? Just make sure you protect the deposit and chill dude

NaughtToThreeSadOnions · 29/09/2015 22:23

Cool surfer I think it's more the principle of it it shouldn't be done!

Original poster
PetraDelphiki · 29/09/2015 22:38

Absolutely it's the principle of the thing...plus unless you are one of the very few people who have completely separate passwords for everything you do, sight of one password could give access to a whole host of other things...as various people found out here recently!

Plus website designers should know better!!!!

OP posts:
Original poster
PetraDelphiki · 03/10/2015 11:52

It's even worse...they sent me my joining pack...with my security code in plain text in the letter!!!

Do they not know ANYTHING about website security??????

OP posts:
CatMilkMan · 03/10/2015 11:57

That's absolutely ridiculous, can you refuse to work with them? They have an absolutely massive security failure and apparently don't give a shit or are just incredibly ignorant.

NaughtToThreeSadOnions · 03/10/2015 12:24

What how in this day an age do they think this is a way to conduct an online business?

I would have thought not sending passwords in plain text by post was rule number 1!

Before anyone goes it's only this and no ones going to hack the account possiably not but to not use such basic procedures to me is slightly worrying and it could have been another organisation using such lax security

kali110 · 03/10/2015 13:06

I'm on a few sites where if you forget your assword they send it to you. I'm very grateful, i have to many to remember.

NaughtToThreeSadOnions · 03/10/2015 14:06

They do Kali but it's better to say you have to reset it it's easy you just send a password reset to the registered email

Lweji · 03/10/2015 14:10

To be fair, if anyone wanted to enter your account and had access to your email, then sending a password or a link to reset it's pretty much the same.

ragged · 03/10/2015 15:30

I've got my password in plain text in (plenty of) recent emails. It's not a big deal to me.

New posts on this thread. Refresh page