10-09-2007, 11:56 AM
Benjamin
Senior Member
 
Join Date: Aug 2004
Posts: 1,096
Default WPEX/WSEX Official Monthly Thread October/November (13 of 13)

I thought the central thread worked well. As Mike Haven wrote:
[ QUOTE ]
Owing to continued demand, once again we have a central thread for questions, suggestions, complaints, and general discussion about WSEX.

Keeping everything in one thread helps everyone interested in WSEX to find full information, and those not interested know which thread not to read, so thank you for supporting the idea.

The WSEX GM makes a point of reading this thread every day or two, whereas he doesn't have time to search for individual comment threads scattered about the forum. If you want to be sure he sees your questions, etc, then you should post here.

[/ QUOTE ]

The previous central WPEX thread is here.

In another thread 707782 wrote:

[ QUOTE ]
WSEX has got to make their security system better. Passwords cannot be longer than 8 characters? To change the password, there is no need to confirm the old password? No email sent to confirm?

Please...

[/ QUOTE ]

Agree 100% 707. This and the marketing are easily the most important things to focus on, IMO. We've heard that the marketing is getting ready to kick in, but we haven't heard much from the GM on the security front.

Unacceptable security practices at WPEX/WSEX

1) Username and password are sent in the clear, unencrypted, from the main WSEX page. The link to a secure login is there, but the words 'secure log-in' may unfortunately make some users think the boxes there on the front page are secure.

2) Customer service asks for password over the phone. There is no reason that customer service should EVER have access to unencrypted passwords.

3) The items noted by 707 above.

Items 1 and 3 should be top priority for your software guys, IMO, WSEX GM.

2 should also be high priority, and can be solved by changing practices and making sure passwords are only stored as encrypted strings on your servers. I can see the need to maintain phone service, but ID over the phone should consist of other information than password.

I hope you will take this seriously, because someone's account is bound to get compromised otherwise.

Thank you,
Benjamin <-- not quite an expert, but I did take a graduate level course in computer security.
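The practice Benjamin asks for under item 2 (store only a one-way, salted hash so nobody, including customer service, can read a password) together with the two complaints quoted from 707782 (the 8-character cap and changing a password without proving the old one), shown as an added Python example; this is not code from the original post or from WSEX, and the in-memory store, user names and PBKDF2 parameters are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed in-memory account store for the example; a real site would use a database.
# Each record holds only salt + PBKDF2 hash, never the password itself.
_USERS: dict[str, dict] = {}
_ITERATIONS = 200_000  # assumed work factor; tune to the server's budget


def _derive(password: str, salt: bytes, iterations: int = _ITERATIONS) -> bytes:
    # PBKDF2 accepts any password length, so there is no reason for an 8-character cap.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def create_account(username: str, password: str) -> None:
    if not password:
        raise ValueError("password must not be empty")
    salt = secrets.token_bytes(16)  # fresh random salt per account
    _USERS[username] = {"salt": salt, "iterations": _ITERATIONS,
                        "hash": _derive(password, salt)}


def verify_password(username: str, password: str) -> bool:
    rec = _USERS.get(username)
    if rec is None:
        _derive(password, bytes(16))  # burn the same work so unknown users cost the same
        return False
    # constant-time comparison of the recomputed hash against the stored one
    return hmac.compare_digest(rec["hash"], _derive(password, rec["salt"], rec["iterations"]))


def change_password(username: str, old_password: str, new_password: str) -> bool:
    # The old password must be proven before a new one is accepted (707782's complaint).
    if not verify_password(username, old_password):
        return False
    create_account(username, new_password)  # re-salt and re-hash
    return True


def stored_record_contains_password(username: str, password: str) -> bool:
    # What a support agent with database access could see: salt and hash only.
    rec = _USERS[username]
    return password.encode("utf-8") in rec["salt"] + rec["hash"]
```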