passwords are not secure enough, huge security hole

Started by utnuc, 01/13/2023 01:22PM
Posted 01/13/2023 01:22PM Opening Post
After getting scammed out of $2k from a hacked user with good ratings this week I decided to look into the minimum password requirements for users here. The system just let me change my password to "password." This puts everyone selling and buying on here at risk. A user account with decent ratings could easily be hijacked, making such scams a pretty simple affair. This is truly unacceptable. Minimum password complexity should be a strong, validated password before being accepted by the system. I don't think I'll be using this site again until common-sense security measures are put into place.
Posted 01/13/2023 01:59PM #1
You have to have an email address - connected to a credit card or a PayPal account - connected to an address and exact name but I have sent this up to the IT guys to see what they say.
There is nothing stopping you from making any password you like.
You should come to me with any issues of nonpayment and I "BOND" with the "member" 
[email protected]
Posted 01/13/2023 09:29PM #2
All this may be true, but is 100% moot if a password is compromised. The user account that was hacked and scammed me has been removed, others already reported them.
Posted 01/14/2023 01:16AM #3
From the IT group

"Herb, that has been fixed. See attached screenshot. Password should be at least 8 characters in length and should include at least one upper case letter, one number, and one special character.

Added also on Password Reset."


Thank you
Astromart LLC
Posted 01/14/2023 01:22AM #4
Perfect! Thanks for this. I'm sure there's no way to reset all previous weak passwords because you're likely only storing the password hash. Only way to fix that would be a forced password reset for all. If you're seeing a significant uptick in account take-over this would be the next step to consider.
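The rule quoted in post #3 and the stored-hash point in post #4, as an added Python example that is not Astromart's code: the composition check runs wherever the plaintext is present (password set/reset and login), so an account still holding a pre-policy password is flagged for reset when its owner next signs in. The account dictionary, the PBKDF2 parameters, the definition of "special character" and all function names are assumptions.

```python
import hashlib
import hmac
import os
import re

# Composition rule as quoted in post #3. "special" is assumed to mean
# any character that is not an ASCII letter or digit.
RULES = {
    "length": lambda p: len(p) >= 8,
    "upper": lambda p: re.search(r"[A-Z]", p) is not None,
    "digit": lambda p: re.search(r"[0-9]", p) is not None,
    "special": lambda p: re.search(r"[^A-Za-z0-9]", p) is not None,
}
PBKDF2_ITERATIONS = 600_000  # assumed work factor, not from the thread


def policy_failures(password):
    """Names of the rules the password does not satisfy (empty list = accepted)."""
    return [name for name, ok in RULES.items() if not ok(password)]


def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def make_account(password):
    """Constructed legacy account: stored before any policy was enforced."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": _derive(password, salt), "must_reset": False}


def set_password(account, new_password):
    """Registration / reset path: reject anything that fails the policy."""
    failures = policy_failures(new_password)
    if failures:
        raise ValueError("password rejected: " + ", ".join(failures))
    account["salt"] = os.urandom(16)
    account["hash"] = _derive(new_password, account["salt"])
    account["must_reset"] = False


def login(account, password):
    """Return 'denied', 'reset_required' or 'ok'."""
    if not hmac.compare_digest(_derive(password, account["salt"]), account["hash"]):
        return "denied"
    # The stored hash cannot be audited, but the plaintext is present here.
    if policy_failures(password):
        account["must_reset"] = True
    return "reset_required" if account["must_reset"] else "ok"
```

The quoted rule accepts `Password1!`, so a composition check alone says nothing about whether a password is already widely used.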
Posted 01/17/2023 06:43AM #5
Thanks for forcing a secure password. Hopefully that made some lemonade out of my 🍋 🍋 =)
Posted 01/18/2023 03:56AM | Edited 01/19/2023 12:26AM #6
Well, I was forced to upgrade my password a couple of days ago. Today I find I can only access Astromart on my iPhone. My Mac and iPad refuse to connect in any way with Astromart. I just get a “Safari cannot open the page because it could not establish a secure connection to the server.” It’s as if Astromart doesn’t exist to these devices. I’ve tried all kinds of ways to google different links and no luck. Any ideas?
Posted 06/06/2023 12:49AM #7
This happened to me with the account Michael Collins, good reviews and long standing. Now I'm out $6,000. I understand there were some red flags but I trusted the rating system (sucks being a trusting person)... one person ruins it for them all.

-Brennan