HolidayBuyer's Guide

Spyware, Viruses, & Security forum


Avast emails me my password!

by Sukki007 / June 20, 2012 11:11 AM PDT

One of the first things my ex, the IT guy, taught me about computers is that email is not secure. Consequently, I never send any sensitive info, such as credit card numbers, by email.

I'm having a problem with Avast suddenly declaring a forum page I read and post on daily contains malware, and denying the service. This has been happening on Firefox, my primary brower, then again on Chrome, when I tried to access it through that. I get regular email updates from that Forum whenever there's a new post , so I know that others on the site are continuing to access it without problem.

I went to the Avast website and registered, as required, in order to get help with this issue. I got an email back confirming the registration, with a link to activate the registration. Lo and behold, this email contains my user name plus my PASSWORD, spelled out completely for all the world and any hacker to appropriate.

I can't understand how a company that specializes is web security could be so stupid. Or have things changed since, making email very secure?

Discussion is locked
You are posting a reply to: Avast emails me my password!
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Avast emails me my password!
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
by Poultrygeist / June 20, 2012 2:18 PM PDT

Well, email is a lot more secure since SSL (https) started to be widely used, this encrypts the traffic so attempted "man in the middle attackers" just get a load of unreadable junk when he tries to intercept.

I'm a member of that forum myself, and you are not the first person to point out the potential problem with this, the topic has been gone over a couple of times over there (on Avast! forum) in the past.

So, in short, is email safer than it used to be? Yes, by far. But is sending passwords via email still an unneeded risk? Yes to that also. But again, much safer than it was. Good on you for even being aware enough to notice though, most people do not even think twice about it.

Collapse -
My email is not encrypted
by Sukki007 / June 20, 2012 8:37 PM PDT
In reply to: RE:

I hope that Avast is encrypting any email it sends, but my own email is not. I always check for the https: and/or the lock, and my email shows an open lock. If I had replied to that email (which shows the one they sent) without blocking out my password, I would have been sending my own password into cyberspace.

Collapse -
Sorry but almost all email I see is sent in the clear.
by R. Proffitt Forum moderator / June 20, 2012 2:43 PM PDT covers another issue that is amazing to some.

"After 180 days in the U.S., email messages lose their status as a protected communication under the Electronic Communications Privacy Act, and become just another database record.[7] This means that a subpoena instead of a warrant is all that is needed for a government agency to force email providers such as Google's Gmail to produce a copy.[7] Other countries may even lack this basic protection, and Google's databases are distributed all over the world. Since the Patriot Act was passed, it's unclear whether this ECPA protection is worth much anymore in the U.S., or whether it even applies to email that originates from non-citizens in other countries."

And even if someone tells you it's encrypted, the from, to and other fields are not encrypted because those are needed for the current email system to work.
Collapse -
I don't understand your response...
by Sukki007 / June 20, 2012 8:40 PM PDT

Your subject title starts with "Sorry...", but then your quote seems to agree with what I'm saying, that Avast emailing my password to me allows the world to see it, either now or later. What am I missing?

Collapse -
by R. Proffitt Forum moderator / June 21, 2012 2:16 AM PDT

You missed nothing. I've told folk for years that email is not secure. And if you want to discuss why, we only need to do a little digging into the FBI's "Going Dark" initiative. I offered more about how your email loses it's protected communication in only 180 days.

I can only hope folk will reconsider email for all communications.

Popular Forums
Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions

The Samsung RF23M8090SG

One of the best French door fridges we've tested

A good-looking fridge with useful features like an auto-filling water pitcher and a temperature-adjustable "FlexZone" drawer. It was a near-flawless performer in our cooling tests.