- Joined
- Jun 18, 2002
- Messages
- 498
- Reaction score
- 3
I just found out by reading on another domain forum that Moniker's passwords were NOT case-sensative. I have always thought that they were. Even Godaddy honors the case sensativity in passwords!
To try, I typed in my account username and then my password in all lower case and it worked and let me login. This is a big security error in my opinion, as it makes it easier for bots and hackers to try and compromise a Moniker account by guessing passwords or using brute force login automated routines.
It would make it much harder if Moniker didn't bypass in their account login routine the case that people have already embedded into their passwords when they selected them.
Please, Monte, change the login routine to honor the correct case in our passwords to keep our accounts as secure as possible. I am with Moniker because of security and customer service, as I want my names protected from thieves and others.
Password: xYzz12Y is much more secure than say xyzz12y, and there are many more permutations of mixed upper and lower case that will add to security. Enabling "any case matching" algorithm for passwords that you apparently are now using cuts down on permutations of embedded password security by a significant factor. I am not a mathematician, but I know enough about permutations of upper and lower case letters to know that eliminating the case hurts the diversity of combinations otherwise possible in a mixed upper/lower case password.
No change to the passwords already stored in our Moniker accounts need be made, just a change in the login verification algorithm/routine you are using to do an exact match check on the whole password (including checking the case of all alphabetic characters the user has selected in their password).
Thanks Monte for considering this security enhancement suggestion! We'll all sleep better once this feature is implemented knowing that there is less chance of someone breaking into our account(s) at Moniker. You have an excellent reputation for account security, and this should help strengthen that.
---
Update: Monte replied to me via E-mail within a few hours of this post and says that they have 5 security steps one would have to get through to break in and steal names from a Moniker account, and that they have NEVER lost a name to theft! That is good news and a fast reply from Monte!
He said that they will look into the case sensative password issue also.
Thanks Monte (and Moniker) for "looking out for us" (the domain owners who are your customers). I appreciate all your security for protecting domains that are with Moniker.
Update 2: An employee from Moniker just sent me the following:
"Hello Adam,
Thank you for the valuable feedback you provided regarding our password policies. We found your observations completely valid and agreed with your recommendation.
A few minutes ago we updated our system to enforce case-sensitive password verifications.
The Moniker Tech team thanks you for helping us improve our systems."
Thanks Moniker for a very quick reply to my password security suggestion!
To try, I typed in my account username and then my password in all lower case and it worked and let me login. This is a big security error in my opinion, as it makes it easier for bots and hackers to try and compromise a Moniker account by guessing passwords or using brute force login automated routines.
It would make it much harder if Moniker didn't bypass in their account login routine the case that people have already embedded into their passwords when they selected them.
Please, Monte, change the login routine to honor the correct case in our passwords to keep our accounts as secure as possible. I am with Moniker because of security and customer service, as I want my names protected from thieves and others.
Password: xYzz12Y is much more secure than say xyzz12y, and there are many more permutations of mixed upper and lower case that will add to security. Enabling "any case matching" algorithm for passwords that you apparently are now using cuts down on permutations of embedded password security by a significant factor. I am not a mathematician, but I know enough about permutations of upper and lower case letters to know that eliminating the case hurts the diversity of combinations otherwise possible in a mixed upper/lower case password.
No change to the passwords already stored in our Moniker accounts need be made, just a change in the login verification algorithm/routine you are using to do an exact match check on the whole password (including checking the case of all alphabetic characters the user has selected in their password).
Thanks Monte for considering this security enhancement suggestion! We'll all sleep better once this feature is implemented knowing that there is less chance of someone breaking into our account(s) at Moniker. You have an excellent reputation for account security, and this should help strengthen that.
---
Update: Monte replied to me via E-mail within a few hours of this post and says that they have 5 security steps one would have to get through to break in and steal names from a Moniker account, and that they have NEVER lost a name to theft! That is good news and a fast reply from Monte!
He said that they will look into the case sensative password issue also.
Thanks Monte (and Moniker) for "looking out for us" (the domain owners who are your customers). I appreciate all your security for protecting domains that are with Moniker.
Update 2: An employee from Moniker just sent me the following:
"Hello Adam,
Thank you for the valuable feedback you provided regarding our password policies. We found your observations completely valid and agreed with your recommendation.
A few minutes ago we updated our system to enforce case-sensitive password verifications.
The Moniker Tech team thanks you for helping us improve our systems."
Thanks Moniker for a very quick reply to my password security suggestion!
