News2 mins ago
Password Change Bug
22 Answers
Following on from APG's post, I thought I would change my own password, in part to see why the system would not accept her new password. I found myself unable to do so...
Until, that is, I thought to enter the new password as my "current" password in the final box, and then it *was* updated. I have checked, and the new password is now accepted, so I've successfully changed my password now.
Needless to say, this is seriously flawed as a security measure. If an account is ever active and accessible (eg on a computer left briefly unattended), anybody could change the password without ever needing to know the original.
Until, that is, I thought to enter the new password as my "current" password in the final box, and then it *was* updated. I have checked, and the new password is now accepted, so I've successfully changed my password now.
Needless to say, this is seriously flawed as a security measure. If an account is ever active and accessible (eg on a computer left briefly unattended), anybody could change the password without ever needing to know the original.
Answers
Best Answer
No best answer has yet been selected by jim360. Once a best answer has been selected, it will be shown here.
For more on marking an answer as the "Best Answer", please visit our FAQ.cross-linking AuntPollyGrey's posts:
https:/ /www.th eanswer bank.co .uk/Cha tterBan k/Quest ion1755 455.htm l
https:/ /www.th eanswer bank.co .uk/AB- Editors -Blog/Q uestion 1755461 .html
https:/
https:/
-- answer removed --
Anyone filling in their real details on their profile page must be mad!
Any data leak would include full name/ date of birth/ gender/marital status/full address including post code/phone number, along with interests and life motivations - and someone can change their password without inputing the old one, or even asking for a password change. Madness.
Any data leak would include full name/ date of birth/ gender/marital status/full address including post code/phone number, along with interests and life motivations - and someone can change their password without inputing the old one, or even asking for a password change. Madness.
I've tried changing things on my profile page without success, despite guidance from a few, and Ab Editor. I gave up in the end.
APG:
// Well they could start with their emails! Sent 2 so far with no response. //
We have received no emails from you.
// Do I also have to accept that if there is a data leak/cyber attack call it what you like, on a Friday, then nothing is done about it until Monday morning? It would take literally seconds for admin to check the site twice a day. //
Our IT team would be alerted by our 24/7 system if there was a cyber attack on the site and it would be dealt with immediately.
// I an deal with that -just bloody annoyed AB admin could not care a hoot -god knows who is harvesting the site for data. //
Please, be more combative, it really makes me want to help.
// Well they could start with their emails! Sent 2 so far with no response. //
We have received no emails from you.
// Do I also have to accept that if there is a data leak/cyber attack call it what you like, on a Friday, then nothing is done about it until Monday morning? It would take literally seconds for admin to check the site twice a day. //
Our IT team would be alerted by our 24/7 system if there was a cyber attack on the site and it would be dealt with immediately.
// I an deal with that -just bloody annoyed AB admin could not care a hoot -god knows who is harvesting the site for data. //
Please, be more combative, it really makes me want to help.