Richard 2017-11-09 02:15
I am amazed that a software company is still sending unencrypted passwords via email when requesting a password reset.
And that the account login screen is unencrypted. There really is no excuse for running unencrypted sites these days with the likes of LetsEncrypt offering easy to use free certificates.
|
Christian Studer 2017-11-09 02:22
You can also browse the site via HTTPS, but it's not the default: https://www.realtimesoft.com
Christian Studer - www.realtimesoft.com
|
Richard 2017-11-09 03:05
Sigh ... it really should be the default, especially for pages such as http://www.realtimesoft.com/ecom/account/login.asp
|
Bill 2017-11-10 09:54
Is it really a problem? It just makes sense to change the password anyway after requesting a password reset. I always consider the password sent after requesting a reset as a temporary password - one to get me back in so I can set a new permanent one.
|
