Seeking Alpha's password security

January 5, 2010 in Internet

As you may know, TGR is occasionally syndicated on Seeking Alpha. This weekend, Seeking Alpha underwent a redesign in order to incorporate a number of new features largely focused on enhancing discussion, like nested comments and notifications.

Unfortunately, one issue that has persisted is that Seeking Alpha passwords are displayed in plaintext:

This is quite disconcerting to anyone used to seeing password fields filled with ***'s, but creates a major security concern beyond simple asthetics. Most modern browsers have an autocomplete feature: they remember what you type in text fields so that they can suggest phrases for you the next time you visit that field, thereby saving previous keystrokes and time. The behavior is designed to specifically ignore passwords.

Because the Seeking Alpha password fields are not designated as such, browsers will add anything typed there to their autocomplete repetoire. As a result, I was extremely surprised when, after typing just the first letter of my password, my browser offered me the phrase in its entirety! It's one thing to see that on my home computer (and it's actually weird to see passwords in plaintext) - but this could easily have played out on a public machine, in a library, etc.

I got in touch with Seeking Alpha last night and was assured that they are having a look at the issue - and I have to say, I've always been impressed by the level of response and support from their contributor relations team. In the meantime, I encourage everyone to be careful with their passwords; I have taken the precautionary measure of changing mine (and yes, the change password field also displays plaintext).

{ 2 comments… read them below or add one }

Leave a Comment

Previous post:

Next post: