Old 02-11-2012, 03:35 PM  
RuthB
Let's Get Paxumized!
 
Join Date: May 2005
Location: Vancouver, Canada
Posts: 7,248
We initially anticipated this update to take approximately three hours. However, during our migration to the new and improved security login engine we encountered some difficulties porting the old passwords to the new system. Since we do not have access to the passwords ourselves we had to reset everyone's password during this process. Once reset we were able to continue implementation of the new login engine and complete our updates. Unfortunately our estimated downtime was much longer than we first thought and we sincerely apologize for the additional downtime.

In regards to the plain text emails, we took the necessary measures to protect the passwords. We activated approval codes (users can disable them), and we sent a separate authentication key, which greatly reduces the odds of having the information fall into the wrong hands. There have been several waves of phishing attempts targeting Paxum clients recently, and this is partly the reason we thought it wise to not include HTML in our notifications.

In response to the query regarding the 'password match' when resetting your password:

Paxum does not store passwords in clear text and never has. What we store is a crypt result based on an algorithm and not the actual password. When somebody logs into the system, we apply the same crypt algorithm to the password entered by the user and compare the result with what we have stored on the client file. We do not know the actual password; that's why you cannot recover the password from the system when forgotten. You can only reset it.

Now as to how we knew you were trying to set the same password as before, that's easy. After you enter the password on the interface we create the crypt result based on the new engine and we also create the crypt result based on the old engine. Therefore, the comparison can be made between the crypt results from both engines.

Ultimately, the purpose of this new update is to create an even safer environment for our clients. We sincerely hope our intentions here are clear, and that is to protect our clients.
__________________
Send & Receive Mass Global Payments - Mass P2P/Wire/EFT/SEPA - Adult Industry Friendly - Award Winning Payment Service - Fast, Reliable & Secure!
Paxum ...... Paxum Bank
Email: [email protected] ~ Telegram: PaxumRuth
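The reuse check described in the post above, sketched as an added example that is not part of the original post and is not Paxum's code. The post names neither algorithm, so salted SHA-256 for the "old engine" and PBKDF2-HMAC-SHA256 for the "new engine" are assumptions, as are all function and class names and the choice to discard the legacy record after a successful reset.

```python
import hashlib
import hmac
import os

# Assumed stand-ins: the post does not say which algorithms the engines use.
def old_engine(password: str, salt: bytes) -> bytes:
    return hashlib.sha256(salt + password.encode()).digest()

def new_engine(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def legacy_record(password: str):
    """Build a (salt, hash) pair as the old system would have stored it."""
    salt = os.urandom(16)
    return salt, old_engine(password, salt)

class Account:  # hypothetical record layout
    def __init__(self, legacy_salt, legacy_hash):
        self.legacy_salt, self.legacy_hash = legacy_salt, legacy_hash
        self.salt = self.hash = None  # new-engine fields, empty until reset

def is_reused(acct: Account, candidate: str) -> bool:
    """Hash the candidate with each engine and compare to the stored results."""
    reused = False
    if acct.legacy_hash is not None:
        reused |= hmac.compare_digest(
            old_engine(candidate, acct.legacy_salt), acct.legacy_hash)
    if acct.hash is not None:
        reused |= hmac.compare_digest(
            new_engine(candidate, acct.salt), acct.hash)
    return reused

def set_password(acct: Account, candidate: str) -> bool:
    """Reject a repeat of the old password; otherwise store a new-engine hash."""
    if is_reused(acct, candidate):
        return False
    acct.salt = os.urandom(16)
    acct.hash = new_engine(candidate, acct.salt)
    # Example's design choice: drop the weaker legacy hash once it is unneeded.
    acct.legacy_salt = acct.legacy_hash = None
    return True

def verify_login(acct: Account, password: str) -> bool:
    return acct.hash is not None and hmac.compare_digest(
        new_engine(password, acct.salt), acct.hash)

if __name__ == "__main__":
    acct = Account(*legacy_record("old-pass-constructed"))  # constructed sample
    print(set_password(acct, "old-pass-constructed"))   # same as before: refused
    print(set_password(acct, "new-pass-constructed"))   # accepted
```

At no point is a stored password read back; the match is found only because the user supplies the candidate in clear at reset time and it is hashed the same way the stored value was.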