NETELLER does not encrypt passwords

[theblitz]

[ QUOTE ]
Wait, so you don't just have it entered automatically for you by firefox so you just have to hit the sign in button?

[/ QUOTE ]
That is a BIG no!!!!!

[Nigel]

[ QUOTE ]
This bothers me quite a bit. I was putting in the wrong password a few times and they closed my account. I called to get them to reopen it and the security guy told me that the password I was putting in was close to the right one, but I was just adding 3 extra letters to the end. So that means they can see your password and what you're trying to enter as your password.

Does this bother anyone else?

[/ QUOTE ]

They've always said to me they don't have this info available to them or the secure ID even. When I've accidentally started to give out the secure ID on the phone with them, they've stopped me mid sentence.

Not doubting what you are relating, just saying it's contrary to what I had believed there protocol was/is. Scary stuff.

Nigel

[AngusThermopyle]

He asked you for your password?

Security Guidelines
In order to protect your NETELLER account, please keep the following guidelines in mind:

1. Never share your NETELLER Password or Secure ID with anyone. You will never be asked to disclose your password or Secure ID by a NETELLER representative or anyone affiliated with NETELLER.

[AliasMrJones]

[ QUOTE ]
[ QUOTE ]
Here's an example. Say your password is "love". When encrypted, "love" turns into "$ds2sdf". You store "$ds2sdf" in the database as the encrypted password. Now when someone types in "love" as the password, it is encrypted to "$ds2sdf" and compared to what is in the database. It matches so it authenticates you. However, other combinations of characters can also encrypt to "$ds2sdf" so there is no way to decrypt "$ds2sdf" to love. (There is a way to get a user's password in this case. It is called brute force cracking. Basically you try every possible combination of characters, encrypt each one and compare to the encrypted password. It would take a very long time, assuming you have a decent password.)

[/ QUOTE ]

Wow never knew how internet encryption worked. So if my pw was love, but sand gave the same encrypted value...either would work as my pw?

[/ QUOTE ]

In theory, maybe, but there are so many combinations of characters (including caps, lower, numbers, symbols) that in practice this just isn't going to happen. The important thing is that it is one-way and there is no way to get to the exact original password even if you know the encrypted form and the encryption method.

[theblitz]

I just e-mailed them and asked - let's see what answer I get.

I'll post it as soon as I do.

I sent them a link to this thread so they will know what I am talking about.

[Sponger15SB]

[ QUOTE ]
[ QUOTE ]
Wait, so you don't just have it entered automatically for you by firefox so you just have to hit the sign in button?

[/ QUOTE ]
That is a BIG no!!!!!

[/ QUOTE ]

Why?

Also, I'm not worried about people stealing my $0.00

[AngusThermopyle]

[ QUOTE ]
I just e-mailed them and asked - let's see what answer I get.

I'll post it as soon as I do.

I sent them a link to this thread so they will know what I am talking about.

[/ QUOTE ]

That makes 2 e-mails with links sent. [img]/images/graemlins/cool.gif[/img]

[AliasMrJones]

[ QUOTE ]
[ QUOTE ]
This is 100% wrong. In most applications

[/ QUOTE ]
Within your first seven words you contradicted yourself. [img]/images/graemlins/wink.gif[/img]

[/ QUOTE ]

No I didn't. The original quote was:

[ QUOTE ]
Even if Neteller were to take an extra security step and store your password on its servers in encrypted form, staff whose job it is to work with passwords would be able to decrypt and view passwords at will.

[/ QUOTE ]

This IS 100% wrong. If Neteller encrypted the passwords there would be no way to decrypt and view the passwords at will. Apparently Neteller doesn't encrypt their passwords. Ask any Windows, Unix or Linux network admin how to decrypt passwords in any of those systems. Even the system admin. YOU CAN'T.

I started by saying the quote above is 100% wrong. (Which it is.) And then, separately, described how most secure systems implement encrypted passwords. The 100% in the first part is correct (referring to the quote), and the "most" in the second part is correct as well (referring to applications/systems). Where is the contradiction?

[ QUOTE ]
[ QUOTE ]
[ QUOTE ]
This is 100% wrong. In most applications

[/ QUOTE ]
Within your first seven words you contradicted yourself. [img]/images/graemlins/wink.gif[/img]

[/ QUOTE ]

No I didn't.



[/ QUOTE ]

If you feel that strongly about being 100% right, you're 100% right. [img]/images/graemlins/smirk.gif[/img]

[theblitz]

Dunno.
Since I have all my sites' passwords entered automatically there is, I suppose, no real differance.