Post Reply

Forums -> UltraMon™ -> Website Security
Richard   2017-11-09 02:15
I am amazed that a software company is still sending unencrypted passwords via email when requesting a password reset.

And that the account login screen is unencrypted. There really is no excuse for running unencrypted sites these days with the likes of LetsEncrypt offering easy to use free certificates.
Christian Studer   2017-11-09 02:22
You can also browse the site via HTTPS, but it's not the default: https://www.realtimesoft.com

Christian Studer - www.realtimesoft.com
Richard   2017-11-09 03:05
Sigh ... it really should be the default, especially for pages such as http://www.realtimesoft.com/ecom/account/login.asp
Bill   2017-11-10 09:54
Is it really a problem? It just makes sense to change the password anyway after requesting a password reset. I always consider the password sent after requesting a reset as a temporary password - one to get me back in so I can set a new permanent one.
Forums -> UltraMon™ -> Website Security

Post Reply