Hi everyone,
I have been developing my apps myself and recently got some professional programmers to do some more difficult code for me. These programmers were not familiar with A5 but have for the last few months got to know the system very well.
This week we discussed security of Alpha and handling of the passwords. When they realised how Alpha web security handles passwords I was strongly recommended to take our whole production app offline until we have looked into a solution(!). The problem is that I can easily retrieve the passwords with some simple Alpha coding. To explain it to (an idiot like) me they found a good explanation in a YouTube video; at 2:50 they describe the method used by Alpha (if you want to save three minutes, which is still a good introduction):
https://www.youtube.com/watch?v=8ZtInClXe1Q
The only way we can fix the problem is to give everyone random passwords and not give them the option to change them. Not a good solution in the long run but this is what we will do temporarily. Another option would be to force everyone to log in with Google or similar, but I can't do this as we provide logins to all different people and we can't force them to have Facebook or Gmail accounts.
Is there an update regarding the security in A5 on the way? The system used seems to be very old. Maybe even an option to use two-way authentication, which is getting more and more common?