2020.net security issue

    • March 24, 2017 at 7:55 pm #122838
      Alex
      Participant

      I just wanted to let someone know that 2020.net is NOT secured by HTTPS. Since users enter passwords on this site, and many people re-use passwords, it would be greatly appreciated if 2020 would secure the 2020.net site with HTTPS so our passwords are not compromised.

      For people logging in to 2020.net – do not use a password that you use elsewhere!!! A hacker could potentially steal your password from this site since right now it is not yet encrypted by HTTPS.

      If you have used a password here that you use elsewhere, I would strongly recommend changing the passwords that you use for those other websites, especially if you use the same password for financial websites.

      To see if any website is secured by HTTPS, look to the left of the address bar. If there is a green lock, it is secure. If there is any other sign there (a world sign, a gray lock with a red line through it), or if it says “Not secure”, then you should NOT enter any sensitive information on that website, such as passwords or financial info. See the attached screenshot for an example.

    • March 27, 2017 at 9:39 am #122849
      Neil Wilson
      Participant

      Hi Alex,

      Thanks for the heads up and good advice for our users. Our IT department has been made aware of the change to the site’s security level.

      Neil

    • April 25, 2017 at 5:29 pm #128311
      Alex
      Participant

      Hi Neil,

      As of today (April 25th, 2017), it has been a month since I notified 2020 (via email and this forum) of the security issue on 2020.net. It looks like they have added HTTPS capability to the site, but it does not go to the HTTPS site by default. They need to make the site automatically go to https://www.2020.net/ whenever someone types in 2020.net. If it does not go to the https site automatically, any user’s password can still be eavesdropped on by a hacker.

      Not trying to be a pest, but this is a rather serious issue. Thanks!

      EDIT: The HTTPS site appears broken when you log in, so they have not fully fixed the problem yet. You can log in with the https://www.2020.net/ web page, but once you are logged in, you have to type in http://www.2020.net to get the page to display properly.
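
An added example, not part of the original thread and not 2020's own code: a check a site administrator could run over a recorded redirect chain to confirm that plain-HTTP requests are upgraded to HTTPS and that a logged-in session is not sent back to HTTP, the two gaps the post above describes. The function name, the hop format and the sample chains (on the placeholder host example.test) are assumptions constructed for illustration; the HSTS and cookie `Secure` checks go slightly beyond what the post mentions.

```python
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def audit_https_enforcement(hops):
    """Check a recorded redirect chain for gaps in HTTPS enforcement.

    hops: list of (url, status, headers) in the order they were fetched.
    Returns a list of findings; an empty list means no gap was seen.
    """
    findings = []
    for url, status, headers in hops:
        h = {k.lower(): v for k, v in headers.items()}
        scheme = urlsplit(url).scheme
        target = urlsplit(h.get("location", "")).scheme  # "" if relative or absent
        cookie_attrs = [a.strip().lower() for a in h.get("set-cookie", "").split(";")]
        if scheme == "http":
            if status not in REDIRECTS:
                findings.append(f"{url}: content served over plain HTTP")
            elif target != "https":
                findings.append(f"{url}: redirect does not lead to HTTPS")
            if "set-cookie" in h:
                findings.append(f"{url}: cookie sent over plain HTTP")
        else:  # treated as HTTPS
            if status in REDIRECTS and target == "http":
                findings.append(f"{url}: HTTPS page redirects back to HTTP")
            if status not in REDIRECTS and "strict-transport-security" not in h:
                findings.append(f"{url}: no Strict-Transport-Security header")
            if "set-cookie" in h and "secure" not in cookie_attrs:
                findings.append(f"{url}: cookie lacks the Secure attribute")
    return findings

# Constructed sample chains; one Set-Cookie header per hop for simplicity.
ENFORCED = [
    ("http://example.test/", 301, {"Location": "https://www.example.test/"}),
    ("https://www.example.test/", 200, {
        "Strict-Transport-Security": "max-age=31536000",
        "Set-Cookie": "sid=abc; Secure; HttpOnly"}),
]
OPTIONAL_HTTPS = [  # HTTPS exists, but the HTTP entry point never redirects
    ("http://example.test/", 200, {"Set-Cookie": "sid=abc"}),
]
DOWNGRADE_AFTER_LOGIN = [  # HTTPS login, then the session continues on HTTP
    ("https://www.example.test/login", 302, {
        "Location": "http://www.example.test/home",
        "Set-Cookie": "sid=abc; HttpOnly"}),
    ("http://www.example.test/home", 200, {}),
]

if __name__ == "__main__":
    for chain in (ENFORCED, OPTIONAL_HTTPS, DOWNGRADE_AFTER_LOGIN):
        print(audit_https_enforcement(chain))
```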

    • April 27, 2017 at 5:21 pm #128700
      Neil Wilson
      Participant

      Hi Alex,

      I brought it up with our IT department again this week. They assure me they will look into it in more detail. Thank you for your help on this.

      Neil

    • March 26, 2020 at 1:16 pm #275375
      Alex
      Participant

      To all 2020.net users!

      HTTPS is still not implemented on 2020.net. This means that any hacker can see the email and password you use to log in to 2020.net. If you have used this password anywhere else, please change the password there!!!

      It’s been THREE YEARS since I notified 2020 about this security vulnerability. I’ve notified 2020 here and through the support email, and it still has not been fixed.

      Security is not optional. Security should not be an afterthought. The lack of security on 2020.net shows a complete disregard for every user’s privacy and security. 2020 should be ashamed of themselves for not fixing this.

      I apologize for the confrontational tone, but three years is far too long.

      P.S. If 2020 Technology employees reuse passwords here, that is a vulnerability to the company as well.

      Website Hacking Statistics in 2020

    • March 27, 2020 at 2:22 pm #275535
      Kristopher Papaleo
      Participant

      Hi Alex,

      We are taking measures to migrate to a newer and more secure environment; we indeed care and understand how important this is. The transition is taking a bit longer than expected, but please rest assured that this is in progress.

      In the meantime, I would like to recommend here a method to securely access our site. Although I am certain you already follow this, for the rest of the community on the Forums this can be beneficial:

      1. Do not share your password with anyone

      2. Do not write down your password

      3. Consider using a passphrase instead of a password

      > Password length is the single-most important factor in its security

      4. Do not use the same password across multiple accounts

      5. Change your password if there is any indication of compromise.

      We appreciate your feedback and as the updates take place on the site, we will update you via this channel.

      Regards,

      Kris
