
Reset Password link should be in https

 

    I just tried to reset my password today. While the rest of the authentication stuff works over HTTPS, reset password, strangely enough, defaults to HTTP.
    I suggest the link that you send in emails be converted to HTTPS.
    Thanks

    • tburny said:...
    • Forum Moderator
    • 9 May 2012, 22:28
    Good point!
    I would take things even a bit further and offer a full HTTPS version of last.fm (not only the auth pages) to prevent cookie theft in wireless networks (home, cafe, wifi hotspot, there are many places from where you can browse last.fm :) )

    Combo.fm: Combine your favourite radio stations! | My Blog | scala-lastfmapi | Cache2k - A high performance Java in-memory cache
    P.S.: Do not click here
    throw new PokemonException(); //Gotta catch 'em all
    My forum post reflects my personal opinion :)
    • rfruth11 said:...
    • User
    • 13 May 2012, 15:53
    +1

    • willfrei said:...
    • User
    • 8 June 2012, 10:50

    +1

    Could you please do something about this? Especially in the current situation (lost password hashes, urging users to change passwords), this practically blocks users from doing the right thing (tm). I for one consider any password that has been transferred over a non-encrypted channel as not safe (and you should, too!).

    Additionally, at least for German users, the HTTPS certificates do not match (they are only issued for last.fm, where the password change page is on lastfm.de). Could you please at least comment on whether you are working on this problem? Or if there are any workarounds? I would really like to change my password, but under the current circumstances, I am just not able to do it in a safe way. Changing a potentially compromised password to a new one that is immediately potentially compromised as well amounts to nothing.

    Thank you and keep up the good work!
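
Added example (not part of any post in this thread, and not Last.fm's code): a Python check for the two problems raised above, a reset link sent over plain HTTP and a host name the site certificate does not cover. The e-mail text, URLs, token and certificate name list are constructed sample data, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample data (assumptions): names a certificate is taken to cover,
# and the body of a password-reset e-mail containing three links.
CERT_SAN = ["last.fm", "www.last.fm"]
RESET_EMAIL = """\
Someone asked to reset your password.
Link A: http://www.last.fm/reset?token=EXAMPLE
Link B: https://www.lastfm.de/reset?token=EXAMPLE
Link C: https://www.last.fm/reset?token=EXAMPLE
"""

def san_matches(host, pattern):
    """RFC 6125-style match: '*' may stand only for the whole leftmost label."""
    host = host.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    if not pattern.startswith("*."):
        return host == pattern
    h_labels, p_labels = host.split("."), pattern.split(".")
    # Same number of labels, and everything right of the wildcard is identical.
    return len(h_labels) == len(p_labels) and h_labels[1:] == p_labels[1:]

def audit_links(text, san_list):
    """Return {url: [problem codes]} for every http(s) link found in text."""
    findings = {}
    for url in re.findall(r"https?://[^\s<>\"']+", text):
        parts = urlsplit(url)
        problems = []
        if parts.scheme != "https":
            # Reset token and the new password would cross the network in clear.
            problems.append("plaintext-http")
        if not any(san_matches(parts.hostname or "", p) for p in san_list):
            # Browser would show a certificate name warning on this host.
            problems.append("cert-name-mismatch")
        findings[url] = problems
    return findings

if __name__ == "__main__":
    for url, problems in audit_links(RESET_EMAIL, CERT_SAN).items():
        print(url, "->", ", ".join(problems) or "ok")
```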

    • [Deleted user] said:...
    • User
    • 8 June 2012, 11:21