
Reset Password link should be in https


    I just tried to reset my password today. While the rest of the authentication stuff works over HTTPS, reset password, strangely enough, defaults to HTTP.
    I suggest the link that you send in emails be converted to HTTPS.

    • tburny said...
    • Forum Moderator
    • May 9 2012, 22:28
    Good point!
    I would take things even a bit further and offer a full HTTPS version of last.fm (not only the auth pages) to prevent cookie theft in wireless networks (home, cafe, wifi hotspot, there are many places from where you can browse last.fm :) )

    Combo.fm: Combine your favourite radio stations! | My Blog | scala-lastfmapi | Cache2k - A high performance Java in-memory cache
    P.S.: Do not click here
    throw new PokemonException(); //Gotta catch 'em all
    My forum post reflects my personal opinion :)
    • rfruth11 said...
    • User
    • May 13 2012, 15:53

    • willfrei said...
    • User
    • Jun 8 2012, 10:50


    Could you please do something about this? Especially in the current situation (lost password hashes, urging users to change passwords), this practically blocks users from doing the right thing (tm). I for one consider any password that has been transferred over a non-encrypted channel as not safe (and you should, too!).

    Additionally, at least for German users, the HTTPS certificates do not match (they are only issued for last.fm, where the password change page is on lastfm.de). Could you please at least comment on whether you are working on this problem? Or if there are any workarounds? I would really like to change my password, but under the current circumstances, I am just not able to do it in a safe way. Changing a potentially compromised password to a new one that is immediately potentially compromised as well amounts to nothing.

    Thank you and keep up the good work!
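
An added example, not part of the thread and not the site's own code: a small audit of outgoing reset links that checks both points raised above, the link scheme and whether the serving certificate's names cover the link's host. The certificate name list, URL paths and token are constructed for illustration.

```python
from urllib.parse import urlsplit

def dns_name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: exact name, or one leftmost '*' label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label and is refused for
        # two-label patterns such as '*.fm'.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def audit_link(url: str, cert_names: list[str]) -> list[str]:
    """Return the problems a user would hit when following this link."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme.lower() != "https":
        problems.append("not-https")
    # The name check runs even for http links, so the result also shows
    # whether simply switching the scheme would produce a valid connection.
    host = parts.hostname or ""
    if not any(dns_name_matches(name, host) for name in cert_names):
        problems.append("cert-name-mismatch")
    return problems

# Constructed inputs (assumptions, not taken from the real site).
CERT_NAMES = ["last.fm", "*.last.fm"]
LINKS = [
    "http://www.last.fm/reset?token=EXAMPLE",
    "https://www.last.fm/reset?token=EXAMPLE",
    "https://www.lastfm.de/reset?token=EXAMPLE",
]

if __name__ == "__main__":
    for link in LINKS:
        print(link, audit_link(link, CERT_NAMES) or "ok")
```

A check like this can run in the test suite of whatever generates the e-mail, so that a reset link on a host the certificate does not cover fails the build rather than reaching users.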

    • [Deleted user] said...
    • User
    • Jun 8 2012, 11:21