Page 1 of 3 123 LastLast
Results 1 to 10 of 27
Like Tree21Likes

Thread: Vendor Account Security

  1. #1
    Senior Member
    Join Date
    Nov 2013
    Location
    Brisbane
    Posts
    451

    Vendor Account Security

    Hi all,

    Just a general rant incoming, paranoid PSA.

    As I'm sure most of you have, I've created accounts for ordering various bits and bobs with a number of vendors.

    One thing that I've noticed that has me slightly concerned is that some vendors confirmation emails that I receive after creating an account include the plaintext password that I generated for that site. Whilst that might not seem like a big deal what this tells me is that the vendor is storing my password in such a manner that it can be decrypted easily by them. Whilst your password needs to be stored by them, it should be stored in such a manner that they are unable to get the plaintext version of the passsword. I won't delve into the techo bits, but this isn't the way it should be.

    This a pretty lax security measure so I'd recommend that you don't reuse any passwords across multiple sites (generally a good practice anyway).

    Cheers

    Paranoid Apoc
    Noe, lastchance and oogy like this.

  2. #2
    AVF Regular
    Join Date
    Mar 2013
    Location
    SW VIC near Hamilton
    Posts
    3,811
    Paranoia saw me coming, and I ran. Apoc how do you catalog all your passwords. Writing it down is a no no, and its so easy to forget multiple combos etc. Can you suggest a solution? I hear what you are saying!!!
    Tokerz81 likes this.
    LIVE AND LET VAPE
    POWER TO THE P.V.
    OFF THE SMOKES FOREVER

  3. #3
    Noe
    Noe is offline
    AV Approved Manafacturer/Modder Chief Snus scientist
    Join Date
    Jan 2011
    Location
    In the deep dark recesses of your mind! .. Prophet of the Vapeoligists & keeper of the sacred Bewdy.
    Posts
    13,140
    Quote Originally Posted by Apoc View Post
    Hi all,

    Just a general rant incoming, paranoid PSA.

    As I'm sure most of you have, I've created accounts for ordering various bits and bobs with a number of vendors.

    One thing that I've noticed that has me slightly concerned is that some vendors confirmation emails that I receive after creating an account include the plaintext password that I generated for that site. Whilst that might not seem like a big deal what this tells me is that the vendor is storing my password in such a manner that it can be decrypted easily by them. Whilst your password needs to be stored by them, it should be stored in such a manner that they are unable to get the plaintext version of the passsword. I won't delve into the techo bits, but this isn't the way it should be.

    This a pretty lax security measure so I'd recommend that you don't reuse any passwords across multiple sites (generally a good practice anyway).

    Cheers

    Paranoid Apoc
    I use different passwords for my Paypal & online banking account, then use different passwords for vendors to those & even some different passwords for different vendors. The main ones are the Paypal & Bank account/credit card to have different.
    Even if the vendor has your password info for their site, they can't make a PP or CC transaction if they don't have those Pwords(CC maybe but then they are committing fraud & the bank will prosecute).
    My CC is a debit only account, if there are no funds in it it can't pay anyone anything, so I keep it near to empty of funds & transfer $ as needed to it.
    Gresh11 and smithpack0 like this.
    Officially #1 Customer and Supporter of Essiemessy's Custom made Glass Drip Tips!
    Essie's Glass DTs

    Sent from my kickass gaming PC using keyboard & fingers.

    The Dahli Lama once said, "People do not laugh enough & take life too seriously, causing stress." A good laugh can cure a build up of stress, stress is a leading cause of grey hair & early death.

    Vape Hard or go home and Vape Hard!

    I'd rather be sneezing than wheezing!

  4. #4
    AVF Regular
    Join Date
    Sep 2013
    Location
    WA
    Posts
    1,350
    Shinyitis keeps me skint so no need for me to worry.
    Gresh11, smithpack0 and Donna like this.

  5. #5
    AVF Regular
    Join Date
    Mar 2013
    Location
    SW VIC near Hamilton
    Posts
    3,811
    Quote Originally Posted by Noe View Post
    I use different passwords for my Paypal & online banking account, then use different passwords for vendors to those & even some different passwords for different vendors. The main ones are the Paypal & Bank account/credit card to have different.
    Even if the vendor has your password info for their site, they can't make a PP or CC transaction if they don't have those Pwords(CC maybe but then they are committing fraud & the bank will prosecute).
    My CC is a debit only account, if there are no funds in it it can't pay anyone anything, so I keep it near to empty of funds & transfer $ as needed to it.
    Do you write the passwords in code???
    LIVE AND LET VAPE
    POWER TO THE P.V.
    OFF THE SMOKES FOREVER

  6. #6
    Super Moderator
    Join Date
    Jan 2012
    Location
    Whyalla, SA
    Posts
    13,095
    Quote Originally Posted by Gresh11 View Post
    Do you write the passwords in code???
    Yes, doesn't everybody
    Ignore the Super-moderator tag in my profile, I have resigned from that position but admin have not updated my profile as yet

  7. #7
    Super Moderator
    Join Date
    Sep 2013
    Location
    Perth
    Posts
    3,718
    I write them all down however noone could ever decode it nor figure them out and trust me when I say no one It is in a langauge that doesnt exsist (only to me and the voices in my head) and the real important ones are only in my head and never written down

  8. #8
    AVF Regular
    Join Date
    Mar 2013
    Location
    SW VIC near Hamilton
    Posts
    3,811
    Quote Originally Posted by Duke916 View Post
    Shinyitis keeps me skint so no need for me to worry.
    Same, same. I'm not worried, just curious.
    LIVE AND LET VAPE
    POWER TO THE P.V.
    OFF THE SMOKES FOREVER

  9. #9
    AVF Regular
    Join Date
    Jul 2011
    Location
    Melb
    Posts
    5,139
    i use the same password for everything but my paypal, banking, and email. What if someone does know my aussievapers or vapeking password what can they do. post some spam.
    Gresh11 likes this.

  10. #10
    Noe
    Noe is offline
    AV Approved Manafacturer/Modder Chief Snus scientist
    Join Date
    Jan 2011
    Location
    In the deep dark recesses of your mind! .. Prophet of the Vapeoligists & keeper of the sacred Bewdy.
    Posts
    13,140
    My passwords are stored in my onboard memory unit (AKA brain)
    Rhojin likes this.
    Officially #1 Customer and Supporter of Essiemessy's Custom made Glass Drip Tips!
    Essie's Glass DTs

    Sent from my kickass gaming PC using keyboard & fingers.

    The Dahli Lama once said, "People do not laugh enough & take life too seriously, causing stress." A good laugh can cure a build up of stress, stress is a leading cause of grey hair & early death.

    Vape Hard or go home and Vape Hard!

    I'd rather be sneezing than wheezing!

 

 
Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Powered by vBulletin® Version 4.2.4
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.
Search Engine Friendly URLs by vBSEO 3.6.0
All times are GMT +11. The time now is 11:45 PM.