Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




167 posts

Master Geek


# 133830 4-Nov-2013 13:55
Send private message

Just, gave the TAB a call, so I could place a bet on tonight a-league game. Lady on the phone asks me some questions then reads out my password over the phone.

Is this normal practice for a company to be able to access your password? I was under the impression that there was some sort of one-way process... I'm not sure if I want to give TAB my credit card details anymore

Create new topic
3385 posts

Uber Geek

Trusted

  # 927015 4-Nov-2013 14:10
Send private message

That's extremely bad practice (ideally it should be a one way hash of some kind, properly salted, etc,etc) but probably not as uncommon as you might hope...

Credit cards should, in theory, be a different kettle of fish, with PCI compliance requirements and so on.

3465 posts

Uber Geek

Trusted

  # 927044 4-Nov-2013 15:14
Send private message

you would be surprised how many forums/sites don't 1 way hash/protect passwords. personally i have a bunch of passwords I use depending on the level I care for the site, if its something stupid like pizza hut (who dont have my CC details), ill just use my generic "stupidpassword" (well not that, but a stupid password).

even with md5/sha1 etc you can reverse them some what easily and quickly thanks to cloud computing, bcrypt is a lot safer to use.

 
 
 
 




167 posts

Master Geek


  # 927046 4-Nov-2013 15:17
Send private message

Wouldn't my account need to have some information to access the cc details that I keep on there. So in theory if someone was able to access my password then they could use my cc, at least on that site.

If this is common practice, is there any information on what sites do one way hashing

3385 posts

Uber Geek

Trusted

  # 927116 4-Nov-2013 17:00
Send private message

I'm not sure how TAB is setup. They may use a 3rd party payment gateway and store a token on their system from the payment gateway, where the token allows them to reuse your CC via the payment gateway without storing the CC details on their system.

But as you say it's possible, depending on how their process works, that someone might be able to use your CC details through the TAB system (if it remembers your CC details for subsequent bets?) but I'd say it's very unlikely. And if they did it's fairly likely they'd be caught depending on what options TAB offers to withdraw your winnings.

I generally deselect options to "store my credit card details for use later" when making payments online though... I'm fine with just re-entering it each time.

I doubt there's a list of sites that don't one-way hash passwords. In many cases you as the user won't know they're doing this unless said site does something like email you the password. As a user, you should probably try use different passwords for different sites. Maybe use something like keepass to manage them. And use 2-factor authentication where available, especially on your email which can be used to reset all your passwords ;-)

Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Ring launches indoor-only security camera
Posted 23-Jan-2020 17:26


New report findings will help schools implement the digital technologies curriculum content
Posted 23-Jan-2020 17:25


N4L to upgrade & support wireless internet inside schools
Posted 23-Jan-2020 17:22


Netflix releases 21 Studio Ghibli works
Posted 22-Jan-2020 11:42


Vodafone integrates eSIM into device and wearable roadmap
Posted 17-Jan-2020 09:45


Do you need this camera app? Group investigates privacy implications
Posted 16-Jan-2020 03:30


JBL launches headphones range designed for gaming
Posted 13-Jan-2020 09:59


Withings introduces ScanWatch wearable combining ECG and sleep apnea detection
Posted 9-Jan-2020 18:34


NZ Police releases public app
Posted 8-Jan-2020 11:43


Suunto 7 combine sports and smart features on new smartwatch generation
Posted 7-Jan-2020 16:06


Intel brings innovation with technology spanning the cloud, network, edge and PC
Posted 7-Jan-2020 15:54


AMD announces high performance desktop and ultrathin laptop processors
Posted 7-Jan-2020 15:42


AMD unveils four new desktop and mobile GPUs including AMD Radeon RX 5600
Posted 7-Jan-2020 15:32


Consolidation in video streaming market with Spark selling Lightbox to Sky
Posted 19-Dec-2019 09:09


Intel introduces cryogenic control chip to enable quantum computers
Posted 10-Dec-2019 21:32



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.