Get exclusive CAP network offers from top brands

View CAP Offers

Warning: Passwords unsecure.

[bsa_pro_ad_space id=2]
  • This topic is empty.
Viewing 15 posts - 1 through 15 (of 21 total)
  • Author
    Posts
  • #732872
    Anonymous
    Inactive

    Passwords should always, always, always be encrypted. Storing a password in a database “as is” makes it much easier for an evil-doer to hack into someone’s account.

    #732874
    Anonymous
    Inactive

    Agree.

    And user passwords should not be accesible to administrators !

    #732895
    Anonymous
    Inactive

    Thanks for the feedback guys.

    The Income Access software has several levels of security built in to control the affiliate manager’s access to information. Our servers are located in a very secure facility and we’ve never had a problem with security.

    That said, we understand that this is a concern and we will put the issue to our development staff right away to see what more can be done.

    Thanks again.

    #733262
    Anonymous
    Inactive

    any news ?

    #733521
    Anonymous
    Inactive

    Hi hostrup,

    Following up from Daniel’s post, passwords are not visible to administrators. They are encrypted.

    Thanks for your input and comments. Much appreciated.

    Best regards,

    Sara

    #733525
    Anonymous
    Inactive

    Sorry to say, but what you are writing simply isn’t true.
    An affiliate manager at a site using the IA software could easily see my password.

    Best regard

    #733533
    Anonymous
    Inactive

    Hi hostrup,

    Many thanks again for your reply. To confirm, Affiliate Managers at Income Access cannot see your password nor that of any affiliate account in our network.

    Furthermore, Income Access affiliate managers have no access to White Label partner programs.

    As my colleague Daniel mentioned, we are upgrading the software across the board as a priority and our development team will implement changes to make our software more secure.

    Hope this answers your comments and concerns.

    Thanks again,

    Sara

    #733535
    Anonymous
    Inactive

    Hi.

    Just one question.

    Howcan it then be that an affiliate manager I am working with can give me my password ?

    Best regards

    Hostrup

    #733552
    Anonymous
    Inactive

    Hi hostrup,

    Can you please let me know which merchant you received your password from and when?

    As mentioned, we have upgraded the security and I would be more than happy to send you a screen shot of what our affiliate accounts looks like in our admin so you can see for yourself that passwords are not visible.

    If you have an affiliate account with us, please send me your username via email or PM and I’ll send you a screenshot of your account.

    Many thanks,

    Sara

    #733683
    Anonymous
    Inactive

    Pm sent to Sara.

    After Sara recieved the message, i got a PM from her basically confirming that this is a security flaw, and that the IA team is working to solve the problem.

    So until this problem is solved, take care of your accounts and passwords !

    #733694
    Anonymous
    Inactive

    Much appreciated Hostrup
    :hattip:

    #733704
    Anonymous
    Inactive
    hostrup wrote:
    Pm sent to Sara.

    After Sara recieved the message, i got a PM from her basically confirming that this is a security flaw, and that the IA team is working to solve the problem.

    So until this problem is solved, take care of your accounts and passwords !

    So publically there is no problem, but in private conversations she admits there is a security flaw? :grunt:

    Time to change my password.

    #733764
    Anonymous
    Inactive

    Hi guys,

    There was nothing said in private that wasn’t said in public. We have never tried to hide anything from our affiliates, and don’t plan to start now.

    There is no security flaw in our system. I informed hostrup of excatly what was said here: Our passwords are NOT displayed in the Income Access network and this security feature was being upgraded across our white label partners.

    A screenshot of hostrup’s Income Access account was sent to prove this.

    Furthermore, I informed hostrup that once the security upgrades were completed in our white label partners, I would be happy to let him, and everyone know of this. I also reiterated that we, the Income Access affiliate team, had no access to our white lable programs as they are outside of our network. Nothing more was said in private. I am more than happy to post the PM here if you would like, with hostrup’s permission.

    This industry is about trust and honour, which I am certain you would concur. Without it, one WILL NOT survive.

    Thanks,

    Sara

    #733768
    Anonymous
    Inactive

    Guys.. you are barking up the wrong tree here.

    If there is one person in this industry that you can definitely trust, it is Sara. I have been working happily with her for many years now and have come across very few people.. let alone industry peers as reliable and full of integrity as her.

    They are upgrading their system.. so let it go. Why is this such an issue when there are so many other issues that go by the wayside?

    When a predatory casino says.. we are updating and changing the terms.. everybody jumps up and yells “Great!” – but when Income say they are upgrading their system.. nobody says “Great!” – no – they get attacked further..

    Beyond belief.

    #733774
    Anonymous
    Inactive

    Sara is one of the nicest affiliate managers I’ve ever known, and I’ve trusted Income Access for years.

    I suspect that quite a few casinos, affiliate programs, and message boards store passwords “as is.” If you forget your password, it can be emailed to you, or (in the case of an online casino), the help desk might tell it to you on the phone after asking you a few security questions.

    Ideally, passwords would be encrypted in a way that does not allow them to be seen or un-encrypted. Using “md5” or “sha1” on the password accomplishes this perfectly. Every time the user logs in, the password they type is transformed via md5 or sha1 into the encrypted version, which looks like a series of random letters and numbers. This “hash” is 32 characters long if md5 is used; 40 characters long if sha1 is used.

    Only the user knows the password; it isn’t possible to email the password to the user, nor is it possible to tell it to them over the phone. If the user forgets the password, the only solution is to send a “new” randomly generated password to the user’s email address. The script that generates this new password also resets the password in the database, encrypting it with md5 or sha1. Nobody ever knows what the password is — except for the user, when he opens his email. Presumably the user is the only one who has access to the email account….

    My point is — Income Access doesn’t deserve to be grilled here any more than PartnerLogic, 400 Affiliates, Casino Rewards, or even CAP (all chosen at random — I have no idea how passwords are stored at any of these sites).

    The best thing to do (to protect yourself) is to use a different password for each account.

    Income Access should be commended for taking steps to make their program even better than before. :thumbsup:

Viewing 15 posts - 1 through 15 (of 21 total)