Danger. Serious password security issues

Record buddy is a useful product but it presents serious security issues to users.

The most egregious and unforgivable sin is that next.audio emails your password to you in plain text. This reveals your personal password schemes to the world. For all of their phony efforts to protect themselves from software pirates (warning you that they are watching your IP and such) they then go and email you your password in plain text. Guess who now has it forever? Your email service provider, such as Google. If it is Google, you can never erase that email! And who else? next.audio now knows your password, and has a big head start gaining access to ALL OF YOUR OTHER PASSWORDS.

Requiring “strong” 15-character passwords for an admittedly useful but relatively trivial piece of software is ridiculous. I appreciate that software developers should be paid, and I always pay for software that I use. But this is asinine. Users have systems for remembering their passwords. Requiring software strength beyond that required by banks, credit cards, universities, and such, means that users have to create ridiculous unique passwords for one little piece of software, OR create a new password every time they need to use it again. And now THIS creates a security issue for the user.

The continual back-and-forth challenging of requiring “additional verification” via email is broken. I do my email on one machine but am trying to access the next.audio website on another machine. It can’t be done. You need to reconfigure your whole workflow to assist with next.audio’s convoluted protection scheme.

I truly sympathize with next.audio’s need to be rewarded for their efforts. But emailing passwords in plain text jeopardizes every single user!!! It reveals any password schemes to the world. Shame shame shame! Shame!!!

1 Like

Welcome to the forums.

As you can imagine, I’m not a web developer that wrote the entire web backend for the website. It’s a commercial system written by a big company.

Having said that I agree that emailing the password is not a good idea and I will look to see if there is a setting to disable that. Thanks for pointing it out.

Regarding password strength. 15 is not strong. Most strong passwords are 48-64 characters nowadays.