Image of the day

Captured by

Helix Nebula

My Account

New to Astromart?

Register an account...

Need Help?

passwords are not secure enough, huge security hole

Started by utnuc, 01/13/2023 01:22PM
Posted 01/13/2023 01:22PM Opening Post
After getting scammed out of $2k from a hacked user with good ratings this week I decided to look into the minimum password requirements for users here. The system just let me change my password to "password." This puts everyone selling and buying on here at risk. A user account with decent ratings could easily be hijacked, making such scams a pretty simple affair. This is truly unacceptable. Minimum password complexity should be a strong, validated password before being accepted by the system. I don't think I'll be using this site again until common-sense security measures are put into place.
Posted 01/13/2023 01:59PM #1
You have to have an email address - connected to a credit card or a PayPal account - connected to an address and exact name but I have sent this up to the IT guys to see what they say.
There is nothing stopping you from making any password you like.
You should come to me with any issues of nonpayment and I "BOND" with the "member" 
[email protected]
Posted 01/13/2023 09:29PM #2
All this may be true, but is 100% moot if a password is compromised. The user account that was hacked and scammed me has been removed, others already reported them.
Posted 01/14/2023 01:16AM #3
From the IT group

"Herb, that has been fixed. see attached screenshot.  Password should be at least 8 characters in length and should include at least one upper case letter, one number, and one special character.

Added also on Password Reset."

Thank you
Astromart LLC
Posted 01/14/2023 01:22AM #4
Perfect! Thanks for this. I'm sure there's no way to reset all previous weak passwords because you're likely only storing the password hash. Only way to fix that would be a forced password reset for all. If you're seeing a significant uptick in account take-over this would be the next step to consider.
Posted 01/17/2023 06:43AM #5
Thanks for forcing a secure password. Hopefully that made some lemonade out of my 🍋 🍋 =)
Posted 01/18/2023 03:56AM | Edited 01/19/2023 12:26AM #6
Well I was forced to upgrade my password a couple of days ago. Today I find I can only access Astromart on my iPhone. My Mac and IPad refuses to connect in any way with Astromart. I just get a “safari cannot open the page because it could not establish a secure connection to the server.”  It’s as if Astromart doesn’t exist to these devices. I’ve tried all kinds of ways to google different links and no luck. Any ideas?
Posted 06/06/2023 12:49AM #7
This happened to me with the account Michael Collins, good reviews and long standing. Now i'm out $6,000. I understand there were some red flags but I trusted the rating system (sucks being a trusting person)... one person ruins it for them all.