ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > Living Room

Would you trust this ... ?

<< < (4/5) > >>

daddydave:
LinkedIn is even worse, because they have a prompt like this that makes it look like you're logged out of LinkedIn. I've accidentally typed a password there and submitted a few times.

The right way to do this is use some kind of authentication where it redirects you to the third party's web site so you can at least see the URL and be clear you are giving your password into Google and not Facebook or LinkedIn. Of course, not everyone is on Gmail, but all the web mail services ought to (which means they probably don't) have something similar in my opinion. Yes, I realize that is 1000 times more work. And by the way, why are iPhone/iPod Touch apps so dependent on shared passwords stored in the app? Oh, because they're in the cloud man, security is for old fogies who still want to sync to desktop.

Ahem... On the "let's give people the keys to the castle" note...

Seems like Facebook is asking for my email address and password...
 (see attachment in previous post)
Ahem... To make this a fun game of fill in the blanks, they can:

G_ f___ themselves.

Like really? WTF? Are they on crack?



-Renegade (September 20, 2011, 01:22 AM)
--- End quote ---

Alk:
It's been over 2 years ago since I used the service. Very handy if your service provider doesn't provide webmail and you don't want to setup an email client for the purpose of just reading the emails (without downloading them to your email client). Also very handy as a troubleshooting tool to independently verify that the email account details are working correctly.

rjbull:
I too am in the UK and used the mail2web service for several years without problems, though not much in the last two years.  At one point my ISP (Plus.net) tried to set up their own Web mail service, made it insecure, and while they thought about improving it, recommended their customer use mail2web.

I was under the impression that passwords for e-mail were sent in plain text anyway.  Has SSL changed that?

Ath:
I was under the impression that passwords for e-mail were sent in plain text anyway.  Has SSL changed that?
-rjbull (September 25, 2011, 11:00 AM)
--- End quote ---
An SSL connection is encrypted by default, so even though the password goes into the comms channel in plain text, because of the entire channel being encrypted, nobody but the receiving end can read it. It's just like with https vs http websites.

rjbull:
@Ath: Thanks!  I suspect 4wd's comment about mail2web pre-dating Gmail and other Web mail interfaces probably means it also pre-dates SSL, though they should now catch up and add it.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version