Announcement

Collapse
No announcement yet.

Warning about password change email.

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Zachery
    replied
    Originally posted by Selrion View Post
    Mr. Luke, please don't say about a vBulletin price.This price was determined by Jelsoft, not by us. I think a lot of us would pay much more for vBulletin, 'cause I can not emagine such forum software, that could be a little better than vBulletin and more expensive than $160. I mean, Jelsoft is positioning vBulletin as a low-cost software. I just can not emagine a high-cost software. But this is not the case. I think that customer must have an ability to change their password to prevent their license to be stolen as fast as it possible to do...
    There is enterprise level forum software that starts at 2000 US a month.

    Leave a comment:


  • Selrion
    replied
    Originally posted by Steve Machol View Post
    Note: We have never positioned vB as 'low cost software'.
    From http://www.vbulletin.com/about.php:
    Originally posted by about.php
    Jelsoft Enterprises Ltd is a UK based new media company specialising in developing low-cost, high-performance web applications.

    Leave a comment:


  • Steve Machol
    replied
    Note: We have never positioned vB as 'low cost software'. Furthermore we have not had a single price increase since we started in 2000. Given inflation and the fall of the dollar, vB is actually substantially less expensive today than it was in 2000.

    Leave a comment:


  • Selrion
    replied
    Mr. Luke, please don't say about a vBulletin price.This price was determined by Jelsoft, not by us. I think a lot of us would pay much more for vBulletin, 'cause I can not emagine such forum software, that could be a little better than vBulletin and more expensive than $160. I mean, Jelsoft is positioning vBulletin as a low-cost software. I just can not emagine a high-cost software. But this is not the case. I think that customer must have an ability to change their password to prevent their license to be stolen as fast as it possible to do...

    Leave a comment:


  • Wayne Luke
    replied
    Originally posted by ChipTz View Post
    I still don't get the need of a reset/reminder question.

    We get emails all the time that go something like this:
    Hi, I am the owner of xyzforums.com and I forgot my customer ID and password. Please send a new one to this address.
    Now many of these are legitimate requests and they are the owner of the site. They just have a new email address. However quite a few are people trying to steal the license. Now we used to ask for the purchase information including name, address, email, billing type and transaction ID. People complained this is too personal. So we instituted the secret question/answer thing.

    This has been in place for 3 years now and must be answered before you download for the first time. Using this allows another level of validation on your license to protect your investment. Some people will say its only $160.00 piece of software and this isn't necessary but for some customers that is a hefty investment and even if it isn't it is something you paid for and could cost you a lot more if your license is compromised because we were not diligent.

    Leave a comment:


  • ChipTz
    replied
    I still don't get the need of a reset/reminder question.

    Leave a comment:


  • Cool Matty
    replied
    Originally posted by ManagerJosh View Post
    I think you're missing the point. Passwords were originally delivered plain-texted and I don't recall a single complaint. Passwords are now updated, and once more delivered plain-texted but there are complaints? That seems like a huge double-standard.
    Apologies for not having time to complain the first time?

    Leave a comment:


  • ManagerJosh
    replied
    I think you're missing the point. Passwords were originally delivered plain-texted and I don't recall a single complaint. Passwords are now updated, and once more delivered plain-texted but there are complaints? That seems like a huge double-standard.

    Leave a comment:


  • Cool Matty
    replied
    Originally posted by ManagerJosh View Post
    I don't seem to recall a similar complaint when the passwords were first delivered to a customer.
    So? The issue remains, regardless of how long it's been in effect.

    Leave a comment:


  • ManagerJosh
    replied
    Originally posted by Cool Matty View Post
    So instead of using this method that supposedly involves more hijacked accounts, you send the password, insecurely, over email, one of the most insecure methods of communication on the internet.

    Not to mention you are forcing users to keep a password they can't easily remember, meaning many will do stupid things like keep it in text files, put it on a post-it note, save it in their browser, or worse.
    I don't seem to recall a similar complaint when the passwords were first delivered to a customer.

    Leave a comment:


  • Cool Matty
    replied
    Originally posted by Wayne Luke View Post
    The system isn't built to allow users to change passwords. This dramatically reduces the amount of issue with hijacked accounts.
    So instead of using this method that supposedly involves more hijacked accounts, you send the password, insecurely, over email, one of the most insecure methods of communication on the internet.

    Not to mention you are forcing users to keep a password they can't easily remember, meaning many will do stupid things like keep it in text files, put it on a post-it note, save it in their browser, or worse.

    Leave a comment:


  • Wayne Luke
    replied
    The system isn't built to allow users to change passwords. This dramatically reduces the amount of issue with hijacked accounts.

    Leave a comment:


  • Cool Matty
    replied
    Originally posted by Wayne Luke View Post
    You can request a new password to be sent to you here:
    http://members.vbulletin.com/lostpw.php

    If you use SSL/TLS to access your email, then any direct attacks on you will be circumvented.
    Except, of course, for the numerous servers it needs to travel through to reach our email.

    Why was it deemed necessary to reset? Wouldn't just expiring the current passwords and having users change them themselves on login be a far better approach?

    Leave a comment:


  • Wayne Luke
    replied
    You can request a new password to be sent to you here:
    http://members.vbulletin.com/lostpw.php

    If you use SSL/TLS to access your email, then any direct attacks on you will be circumvented.

    Leave a comment:


  • ChipTz
    replied
    Hello,

    This topic is being discussed also in the chit chat area, but since I think this is the correct forum to do it, I have two concerns regarding this change:

    1. the password was sent on a plain text e-mail... not too secure... and I don't know where to change it also

    2 .I 'd like to request that the question + password hint isn't mandatory, after all, looking at the questions, I'd say that someone who knows me (and it hasn't got to be my best friend) and knows that I have a vB licence wouldn't have too much trouble on finding the correct answer to most of the questions. In fact, some of them are quite easy... like, your favorite colour... look at the rainbow and guess... you favourite ice cream flavour... choose round abour 5 or 6 flavours and you'll have the flavours 90% of the people most like... the same for the other questions. At least the user should be able to not use a secret question hint for password. Have a reset code sent by mail, the same mail you used to send the new password or any other way to retrieve lost passwords but do not force us to use secret question + answer, especially if this was due to security + licence stealing concerns...

    Leave a comment:

widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
Working...
X