Warning: Passwords unsecure.

Viewing 7 posts - 16 through 22 (of 22 total)
  • #733774
    Anonymous
    Inactive

    Sara is one of the nicest affiliate managers I’ve ever known, and I’ve trusted Income Access for years.

    I suspect that quite a few casinos, affiliate programs, and message boards store passwords “as is.” If you forget your password, it can be emailed to you, or (in the case of an online casino), the help desk might tell it to you on the phone after asking you a few security questions.

    Ideally, passwords would be encrypted in a way that does not allow them to be seen or un-encrypted. Using “md5” or “sha1” on the password accomplishes this perfectly. Every time the user logs in, the password they type is transformed via md5 or sha1 into the encrypted version, which looks like a series of random letters and numbers. This “hash” is 32 characters long if md5 is used; 40 characters long if sha1 is used.

    Only the user knows the password; it isn’t possible to email the password to the user, nor is it possible to tell it to them over the phone. If the user forgets the password, the only solution is to send a “new” randomly generated password to the user’s email address. The script that generates this new password also resets the password in the database, encrypting it with md5 or sha1. Nobody ever knows what the password is — except for the user, when he opens his email. Presumably the user is the only one who has access to the email account….

    My point is — Income Access doesn’t deserve to be grilled here any more than PartnerLogic, 400 Affiliates, Casino Rewards, or even CAP (all chosen at random — I have no idea how passwords are stored at any of these sites).

    The best thing to do (to protect yourself) is to use a different password for each account.

    Income Access should be commended for taking steps to make their program even better than before. :thumbsup:
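
    The storage and reset flow described in the post above, as an added example that is not part of the original thread or of any affiliate program's code. It swaps the plain md5/sha1 named in the post for salted PBKDF2-HMAC-SHA256 from Python's standard library; the in-memory `USERS` table, the function names and the iteration count are assumptions.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 600_000  # assumed work factor; tune to your hardware

# Hypothetical stand-in for the accounts table: username -> (salt, derived key).
# The plain-text password is never stored, so it cannot be emailed or read out.
USERS = {}


def unsalted_digest(algorithm, password):
    """The scheme from the post: hex digest of the bare password (md5 or sha1)."""
    return hashlib.new(algorithm, password.encode("utf-8")).hexdigest()


def derive(password, salt):
    """Slow, salted derivation used here in place of a single md5/sha1 pass."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def set_password(username, password):
    salt = os.urandom(16)  # per-user salt: equal passwords give different records
    USERS[username] = (salt, derive(password, salt))


def check_login(username, password):
    record = USERS.get(username)
    if record is None:
        return False
    salt, stored = record
    # Re-derive from what the user typed and compare in constant time.
    return hmac.compare_digest(stored, derive(password, salt))


def reset_password(username):
    """Forgotten password: generate a random one, store only its derived key,
    and return it so the caller can email it to the address on the account."""
    new_password = secrets.token_urlsafe(12)
    set_password(username, new_password)
    return new_password


if __name__ == "__main__":
    set_password("alice", "constructed-sample-password")
    print(check_login("alice", "constructed-sample-password"))
    emailed = reset_password("alice")
    print(check_login("alice", emailed))
```

    With the unsalted digest, two accounts that share a password have identical stored values; with the per-user salt they do not.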

    #733780
    Anonymous
    Inactive

    Thanks very much Peralis and Engineer. The feeling is very mutual. :hattip:

    I’m afraid my technical lingo pales in comparison to that of yours Engineer (hence why I’m in Marketing and not IT), however we have implemented a similar capability to what you described in our sister network Share Results, where passwords are encrypted and reset if the user forgets. A random one is automatically generated by the system and sent to the email address in the account.

    We are looking to upgrade Income Access to a similar level.

    Thank you again for your kind words, and vote of confidence.

    Sara

    #733840
    Anonymous
    Inactive
    peralis wrote:
    Guys.. you are barking up the wrong tree here.

    If there is one person in this industry that you can definitely trust, it is Sara. I have been working happily with her for many years now and have come across very few people.. let alone industry peers as reliable and full of integrity as her.

    They are upgrading their system.. so let it go. Why is this such an issue when there are so many other issues that go by the wayside?

    When a predatory casino says.. we are updating and changing the terms.. everybody jumps up and yells “Great!” – but when Income say they are upgrading their system.. nobody says “Great!” – no – they get attacked further..

    Beyond belief.

    Hang on there.

    No one is attacking Income Access.

    I am making them aware that they have a security flaw in their program, and Sara replies that it is true, and that they are working on it.

    Isn’t that part of the reason for this bulletin board – to make software vendors, affiliates and sites aware of problems/issues – so these issues can be approached, and everyone gets a better and more secure business!

    Hostrup

    #735708
    Anonymous
    Inactive

    Is this security problem solved, or are our passwords still unsecure with Income Access software?

    #735915
    Anonymous
    Inactive

    Hi Hostrup,

    Apologies for the tardy response. Just got back from CAC.

    Yes, the security features have been upgraded across all our white label partners and passwords are not displayed.

    Thanks for your follow-up.

    Kind regards,

    Sara

    #735916
    Anonymous
    Inactive

    GREAT !!!

    Has the software been rolled out to all customers?

    #735917
    Anonymous
    Inactive

    WOW! That was speedy. :)

    They certainly have. The upgrades were implemented as they occurred.

    Thanks for all.

    Cheers,

    Sara
