Quote:
Originally Posted by 6V6GT
This site is not using encryption when changing passwords or altering personal details:
http://forumserver.twoplustwo.com/pr...o=editpassword
It should say https. This is bad practice and insecure.
As a general precaution I would recommend removing personal details eg birthday, country details from any account where possible. It is possible to remove these on 2+2
+1 - I've seen this mentioned sooo many times and nothing is ever done about it.
How is this site well over a decade old and still not use https or offer 2 factor authentication? Considering all the claims in HSNL about 2p2 accounts getting hacked (and now this, as well as the other 2p2 hack a few years), and the high value of money that can be scammed this seems like a no brainer. I've been on other sites where the need for heightened security wasn't as necessary, and even those sites have implemented secured sites and 2FA (e.g. obscure car forums). At the very least, if 2p2 cared about its user's privacy then it would implement these standards if any of the admins learned anything from the last hack in 2012 - continuing to ignore these standards just seems irresponsible from a web admin.
Minus whale just put a big banner on the splash page in bold letters reading "hack me plz!"