Re: serious security issue #login


Marv Waschke
 

Peter-- You are right. This is a serious security compromise for convenience. Groups.io, like most consumer applications, is not highly secure. If it were, it would not be used by most of the people who use it now. When someone forgets the password to an account and is sent a link to reset their password, they engage in an insecure transaction. In a high-security environment, they would undergo a lengthy in-person interview, have their fingerprints taken, their retina scanned, and a DNA swab analyzed before getting a new password. If they lost their password, they would have to repeat the process, and there would be a fair chance they would be permanently denied access for their carelessness. If a product like Groups.io were set up in that manner, who would use it? We make compromises for convenience. This is one of them and a common one.

In this case, users rely on the security of their email account. Many consumer applications and services also rely on email account security. It never hurts to remind folks to keep their email accounts secure and never forward emails that contain links that are signs of authentication, like links to password resets or entrance to Zoom meetings.
Best, Marv
