NETELLER does not encrypt passwords

[theblitz]

[ QUOTE ]
Wait, so you don't just have it entered automatically for you by firefox so you just have to hit the sign in button?

[/ QUOTE ]
That is a BIG no!!!!!

[Sponger15SB]

[ QUOTE ]
[ QUOTE ]
Wait, so you don't just have it entered automatically for you by firefox so you just have to hit the sign in button?

[/ QUOTE ]
That is a BIG no!!!!!

[/ QUOTE ]

Why?

Also, I'm not worried about people stealing my $0.00

[theblitz]

Dunno.
Since I have all my sites' passwords entered automatically there is, I suppose, no real differance.

[PrincipalSkinner]

I would hope (and assume) that the "security guy" whom you dealt with is vetted a bit more thoroughly than the run-of-the-mill customer service rep. Having spoken at length with a couple of these neteller "security guys", however, I can assure you that neteller security does not inspire confidence in any regard. [img]/images/graemlins/shocked.gif[/img]

[PLOlover]

[ QUOTE ]
This bothers me quite a bit. I was putting in the wrong password a few times and they closed my account. I called to get them to reopen it and the security guy told me that the password I was putting in was close to the right one, but I was just adding 3 extra letters to the end.

[/ QUOTE ]

Really weird this exact same thing happened to me too. Seriously. The password limit length there is 20 characters I was told. They said they didn't know why the system let me input 23 in the first place.

Yeah, not confidence inspiring.

[pankwindu]

Wow. This is rather horrifying to be honest. As others have elaborated, it is Security 101 that passwords should never be stored in retrievable form. Only one-way hashes should be stored, period. CS reps/hackers/con men should never be able to get the password from storage. If the user forgets it, CS reps should have to reset to a new one, not be able to look up the old one.

Sure, your average web forum or whatever can get away with storing passwords, but it is simply inexcusable for a site that deals with money. And if their security department doesn't understand this incredibly basic security concept, who knows what else might be lacking.

[Nigel]

[ QUOTE ]
This bothers me quite a bit. I was putting in the wrong password a few times and they closed my account. I called to get them to reopen it and the security guy told me that the password I was putting in was close to the right one, but I was just adding 3 extra letters to the end. So that means they can see your password and what you're trying to enter as your password.

Does this bother anyone else?

[/ QUOTE ]

They've always said to me they don't have this info available to them or the secure ID even. When I've accidentally started to give out the secure ID on the phone with them, they've stopped me mid sentence.

Not doubting what you are relating, just saying it's contrary to what I had believed there protocol was/is. Scary stuff.

Nigel

[AngusThermopyle]

He asked you for your password?

Security Guidelines
In order to protect your NETELLER account, please keep the following guidelines in mind:

1. Never share your NETELLER Password or Secure ID with anyone. You will never be asked to disclose your password or Secure ID by a NETELLER representative or anyone affiliated with NETELLER.

[theblitz]

I just e-mailed them and asked - let's see what answer I get.

I'll post it as soon as I do.

I sent them a link to this thread so they will know what I am talking about.

[AngusThermopyle]

[ QUOTE ]
I just e-mailed them and asked - let's see what answer I get.

I'll post it as soon as I do.

I sent them a link to this thread so they will know what I am talking about.

[/ QUOTE ]

That makes 2 e-mails with links sent. [img]/images/graemlins/cool.gif[/img]