|
Originally Posted by Keith
ok , so now we have the info it appears that someone has tried to reset your password or has clicked on an "i've forgotten my password" link and put your username in. ACR have then reset your password and sent you the new login information. They have to send it in plain text so that people who have forgotten their password can then use it to login . I assume that they have a method to change the password once you are logged in. It is advisable to change your password to something that you want if their is that option as this could be someone trying to hack your email accounts and then use the password resets to access your funds and poker accounts.
From your attitude , it could be that someone you trash talked to in chat decided to mess you about and tried to login with your username and clicked the forgot password link causing your password to be reset.
Keith,
what you wrote has nothing common with what I said above - the FIVE MINUTES WORKS I want ACR to do.
First even my family does not know that I play sometimes poker; only some friends vaguely - they even do not know what "poker room" is.
It is not serious, for not to say ridiculous, to blame me, ME this way: "From your attitude , it could be that someone you trash talked to in chat..."
I am astonished that so many people (not necessary at FTR) have not elementary notion of password protection. Thanks God, my children are not from them, so I will continue the fair tale for the passwords.
When you sign up usually you are asked to choose some password. Let us say that you enter: my_psw_1. It automatically, hiden from man's eye, is transformed (say, with the above mentioned most simple MD5 algorithm) to a 32 (FTR, that do not keep our money, uses 40) hexadecimal digits number, like this - 79054025255fb1a26e4bc422aef54eb4, which is stored. No one can, from these 32 symbols, derive the initial password my_psw_1. When you are to login you enter the password, which only you know, and which is transformed to a 32 digit string. If the two 32-strings coincide, you are accepted.
Every single password is to be unique. My password that ACR knows and even wave in the air, can not be used anywhere else. I have several hundreds of passwords (some of them used only once or twice). How can I remember them? I do not remember them; I put them in a list. Yes, on a list, but encrypted. Some trivial examples on how to decrypte passwords:
Netteler 1234 -> 2345 (simple +1, +1, +1, +1)
Skrill 3714 -> 4540 (more sophisticated +1, -2, +3, -4)
and also:
POKE_rStar 3481 -> P3O4K8E1 (clear, but)
AMER_icas CardRoom 2117 -> R2e1M1a7 (because it begins with the vowel "A")
There are so many variants, combinations that only specialist with powerful computational resources can decrypt them and the list, of course, is enrypted, too. I am sure that my children keep, at least, their passwords encrypted.
Please, note that a user is identifiable by HIS E-MAIL! There may be no Username, even password. E-mail.
There are two ways that are used in the case of a forgotten password:
1) A temporary password is sent
2) A link to a secure page, where to enter a new password, is sent
Sent to the e-mail of the titular of the account. He is to act wery quickly as this valuable information may be intercepted on the open, insecure e-mail lines.
Keith, your read of my attitude: "...it could be that someone you trash talked to in chat decided to mess you about and tried to login with your username and clicked the forgot password link causing your password to be reset." is very inspired, imaginative, worth to be posted in the Security Forums. So, briefly, ACR revealed a conspiracy against me that they prevented and just sent me a little password for me to be able to login. That can not happen! Even if someone knows my Username, guessed with which of my numerous e-mails (he can not know them, because even me do not know them had I signed-up, it is me and only me who will receive the notification that I am to choose a new password. For example, yesterday when I for the N-th time tryed to change my password at ACR, I received the following:
and after choosing a new pass, I received an e-mail as the ones shown above - with my pass in PLAIN TEXT For 22 days they did not do something for FIVE MINUTES WORK!
Please, note that the criminals of ACR do not give your a way to change your password, exept with the "Forgotten" button. At PokerStars, for example, you can do it from "Account" in the poker client, main lobby in secure line.
Now I am to explain why they are criminals, am I not? In my country where the Statutory Law (guided by statutes) is practiced, you can find the following text:
CRIMINAL CODE
Section VI
Issuance of foreign secret
Art. 145. (1) Who unlawfully reveals the secret of another dangerous for the good name of someone who is entrusted or has become known in connection with his trade, shall be punished with imprisonment of up to one year or a fine of one hundred to three hundred lev.
(The translation is directry from Google Translator, and I will not trim it.)
In the countries with Common Law (guided by precedents) you can find the same thing:
Breach of Confidence
In order to establish an actionable breach of confidence, the complainant must prove (a) that the information conveyed was confidential, (b) that it was communicated in confidence, (c) that it was misused by the party to whom it was communicated, and (d) detriment to the complainant.
----------------------------------------
Galapogos,
From The Free Dictionary
speak up
vb (intr, adverb)
1. to speak more loudly
2. to state one's beliefs, objections, etc, bravely and firmly
I'll try, you have my word.
|