Ask a question
Search in Wireless Forums

Wireless Forum

Reply
Posted Feb 8, 2013
10:02:44 AM
View profile
Password shown when logging in

Frankly I'm not sure this is the proper place for this, but I couldn't find a way to log a bug about AT&T's website anywhere else - I noticed that while typing in my password my password was visible, one character at a time before the character was blacked out. This seems like a major bug. Despite the fact that the input field is of type "password", it looks like there's JavaScript executing on keypress, changing the character out to some image, rather than just letting the browser do it's thing. The delay in replacing the character and not just letting the browser do what it's supposed to do is a serious security concern for anyone logging in to manage their account.

 

I'm running Windows 7, using the latest stable build of Chrome when this happens.

Frankly I'm not sure this is the proper place for this, but I couldn't find a way to log a bug about AT&T's website anywhere else - I noticed that while typing in my password my password was visible, one character at a time before the character was blacked out. This seems like a major bug. Despite the fact that the input field is of type "password", it looks like there's JavaScript executing on keypress, changing the character out to some image, rather than just letting the browser do it's thing. The delay in replacing the character and not just letting the browser do what it's supposed to do is a serious security concern for anyone logging in to manage their account.

 

I'm running Windows 7, using the latest stable build of Chrome when this happens.

Password shown when logging in

2,942 views
14 replies
(0) Me too
(0) Me too
Reply
View all replies
(14)
0
(0)
  • Rate this reply
View profile
Jan 26, 2013 3:18:11 PM
0
(0)
Mentor

When I go to att.com/myatt to login to my account, the Password Field actually shows the password. Instead of showing little black dots.

I have tried this on several computers. My computers, other computers, public computers. All Computers.

Is anyone else having this problem?

I would like to log in to my account, but I don't want my password showing as I type.


Things to know:

1) this started happening about 1 week ago
2) this only happens on AT&T's website (aka email, bank accounts, etc. work as expected)

Can someone share their experince?

When I go to att.com/myatt to login to my account, the Password Field actually shows the password. Instead of showing little black dots.

I have tried this on several computers. My computers, other computers, public computers. All Computers.

Is anyone else having this problem?

I would like to log in to my account, but I don't want my password showing as I type.


Things to know:

1) this started happening about 1 week ago
2) this only happens on AT&T's website (aka email, bank accounts, etc. work as expected)

Can someone share their experince?

SECURITY FLAW!! Myatt Login Password is Showing. Att Website SECURITY FLAW!!

1 of 15 (3,601 Views)
0
(0)
  • Rate this reply
View profile
Jan 26, 2013 7:37:46 PM
0
(0)
Mentor
Can someone confirm this for me please?

Please do me a favor and go to www.att.com/myatt

and please just try to type some random letters/numbers into the Password Box and see if this happens to you too?

TIA
Can someone confirm this for me please?

Please do me a favor and go to www.att.com/myatt

and please just try to type some random letters/numbers into the Password Box and see if this happens to you too?

TIA

Re: SECURITY FLAW!! Myatt Login Password is Showing. Att Website SECURITY FLAW!!

2 of 15 (3,561 Views)
Highlighted
0
(0)
  • Rate this reply
View profile
Jan 27, 2013 8:16:19 AM
0
(0)
Former Employee

I get all dots.

 

d.

I get all dots.

 

d.

Re: SECURITY FLAW!! Myatt Login Password is Showing. Att Website SECURITY FLAW!!

3 of 15 (3,528 Views)
0
(0)
  • Rate this reply
View profile
Jan 29, 2013 11:58:39 AM
0
(0)
Professor

drumn_bass wrote:

I get all dots.

 

d.


Ditto for me. It does show each character for half a second, but changes to dots.


drumn_bass wrote:

I get all dots.

 

d.


Ditto for me. It does show each character for half a second, but changes to dots.

Re: SECURITY FLAW!! Myatt Login Password is Showing. Att Website SECURITY FLAW!!

4 of 15 (3,469 Views)
0
(0)
  • Rate this reply
View profile
Jan 31, 2013 11:53:49 AM
0
(0)
Mentor

Max69 wrote:

drumn_bass wrote:

I get all dots.

 

d.


Ditto for me. It does show each character for half a second, but changes to dots.


This is very bad.

 

Before, it would show the password all the time.  Now it shows the password for half a second and then changes to dots.

 

So, it seems like AT&T is working on it.  But it is still very bad, very unsecure!

 

I hope AT&T fixes this!!


Max69 wrote:

drumn_bass wrote:

I get all dots.

 

d.


Ditto for me. It does show each character for half a second, but changes to dots.


This is very bad.

 

Before, it would show the password all the time.  Now it shows the password for half a second and then changes to dots.

 

So, it seems like AT&T is working on it.  But it is still very bad, very unsecure!

 

I hope AT&T fixes this!!

Re: SECURITY FLAW!! Myatt Login Password is Showing. Att Website SECURITY FLAW!!

5 of 15 (3,398 Views)
0
(0)
  • Rate this reply
View profile
Jan 31, 2013 2:26:07 PM
0
(0)
Expert

cellnewbie09 wrote:

Max69 wrote:

drumn_bass wrote:

I get all dots.

 

d.


Ditto for me. It does show each character for half a second, but changes to dots.


This is very bad.

 

Before, it would show the password all the time.  Now it shows the password for half a second and then changes to dots.

 

So, it seems like AT&T is working on it.  But it is still very bad, very unsecure!

 

I hope AT&T fixes this!!


it appears to be shorter then a half second, but if you hit the next character in the password the previous character is turned to a dot immediately.  Accessing my bank and credit card accounts via mobile and web do the same thing.


cellnewbie09 wrote:

Max69 wrote:

drumn_bass wrote:

I get all dots.

 

d.


Ditto for me. It does show each character for half a second, but changes to dots.


This is very bad.

 

Before, it would show the password all the time.  Now it shows the password for half a second and then changes to dots.

 

So, it seems like AT&T is working on it.  But it is still very bad, very unsecure!

 

I hope AT&T fixes this!!


it appears to be shorter then a half second, but if you hit the next character in the password the previous character is turned to a dot immediately.  Accessing my bank and credit card accounts via mobile and web do the same thing.

Re: SECURITY FLAW!! Myatt Login Password is Showing. Att Website SECURITY FLAW!!

6 of 15 (3,382 Views)
0
(0)
  • Rate this reply
View profile
Feb 2, 2013 12:10:48 PM
0
(0)
Guru

See my post of 12-09-12

 

 

http://forums.att.com/t5/Wireless-Online-Account-Access/OLAM-signin-password/td-p/3376447

 

Been going on since then. I got no answer from anyone then so i thought it was just me. Mine is still doing this, but i only log in from my home computer so i don't worry about it so much. But i guess it is more widespread now.

Definitely have a coding problem in the system.

See my post of 12-09-12

 

 

http://forums.att.com/t5/Wireless-Online-Account-Access/OLAM-signin-password/td-p/3376447

 

Been going on since then. I got no answer from anyone then so i thought it was just me. Mine is still doing this, but i only log in from my home computer so i don't worry about it so much. But i guess it is more widespread now.

Definitely have a coding problem in the system.

Re: SECURITY FLAW!! Myatt Login Password is Showing. Att Website SECURITY FLAW!!

7 of 15 (3,259 Views)
0
(0)
  • Rate this reply
View profile
Feb 3, 2013 2:41:06 AM
0
(0)
Expert

stclair49 wrote:

See my post of 12-09-12

 

 

http://forums.att.com/t5/Wireless-Online-Account-Access/OLAM-signin-password/td-p/3376447

 

Been going on since then. I got no answer from anyone then so i thought it was just me. Mine is still doing this, but i only log in from my home computer so i don't worry about it so much. But i guess it is more widespread now.

Definitely have a coding problem in the system.


doubt it is a coding problem, hav it happen on other accounts outside of my att accounts - seems to be that way when there is a mobile app to access the account and a normal web based app to access the same account.

 

Can understand it becasue with todays touch screens and keyboards on mobile devices it is really easy to think you are pressing the R key and it is accuually the E or T key that you are pressing, get a invalid password 3 times like that and you account is locked, the you have to call the organization to get it unlocked. Personally can live with the brief displace of the keystroke for verification, but then I make sure that n one is arround me when I type my passwords on the mobile app or staring at my keyboard on the web app. In the keyboard senario it is a lot easier to grab the password by watching the keys that are being pressed then the breif display on the screen


stclair49 wrote:

See my post of 12-09-12

 

 

http://forums.att.com/t5/Wireless-Online-Account-Access/OLAM-signin-password/td-p/3376447

 

Been going on since then. I got no answer from anyone then so i thought it was just me. Mine is still doing this, but i only log in from my home computer so i don't worry about it so much. But i guess it is more widespread now.

Definitely have a coding problem in the system.


doubt it is a coding problem, hav it happen on other accounts outside of my att accounts - seems to be that way when there is a mobile app to access the account and a normal web based app to access the same account.

 

Can understand it becasue with todays touch screens and keyboards on mobile devices it is really easy to think you are pressing the R key and it is accuually the E or T key that you are pressing, get a invalid password 3 times like that and you account is locked, the you have to call the organization to get it unlocked. Personally can live with the brief displace of the keystroke for verification, but then I make sure that n one is arround me when I type my passwords on the mobile app or staring at my keyboard on the web app. In the keyboard senario it is a lot easier to grab the password by watching the keys that are being pressed then the breif display on the screen

Re: SECURITY FLAW!! Myatt Login Password is Showing. Att Website SECURITY FLAW!!

8 of 15 (3,230 Views)
0
(0)
  • Rate this reply
View profile
Feb 7, 2013 8:36:42 AM
0
(0)
Mentor
This post is not about apps or mobile apps or accessing www.att.com/myatt though the cell phone.

This Post is about regular browsers on regular desktop computers.

When I try to login on my DESKTOP (not app!!) the password shows for about 2 secs and then turns into the black dots.

This is NOT expected to happen in the year 2013. Regardless of whether one tries to login via DESKTOP (what this post is about) or via mobile devices.

Please reread this post and offer positive responses before replying.
This post is not about apps or mobile apps or accessing www.att.com/myatt though the cell phone.

This Post is about regular browsers on regular desktop computers.

When I try to login on my DESKTOP (not app!!) the password shows for about 2 secs and then turns into the black dots.

This is NOT expected to happen in the year 2013. Regardless of whether one tries to login via DESKTOP (what this post is about) or via mobile devices.

Please reread this post and offer positive responses before replying.

Re: SECURITY FLAW!! Myatt Login Password is Showing. Att Website SECURITY FLAW!!

9 of 15 (3,031 Views)
0
(0)
  • Rate this reply
View profile
Feb 7, 2013 9:33:48 AM
0
(0)
Expert
Edited by wingrider01 on Feb 7, 2013 at 9:35:23 AM

cellnewbie09 wrote:
This post is not about apps or mobile apps or accessing www.att.com/myatt though the cell phone.

This Post is about regular browsers on regular desktop computers.

When I try to login on my DESKTOP (not app!!) the password shows for about 2 secs and then turns into the black dots.

This is NOT expected to happen in the year 2013. Regardless of whether one tries to login via DESKTOP (what this post is about) or via mobile devices.

Please reread this post and offer positive responses before replying.

it shows on mine for less then a half second, if you immediately type the next character the first one is hidden as soon as you depress the next key - IE 9 & IE 10 both react the same way. I did read it and tested it on both mobile access, a wirelessly connected laptop and a hardwired desktop.


cellnewbie09 wrote:
This post is not about apps or mobile apps or accessing www.att.com/myatt though the cell phone.

This Post is about regular browsers on regular desktop computers.

When I try to login on my DESKTOP (not app!!) the password shows for about 2 secs and then turns into the black dots.

This is NOT expected to happen in the year 2013. Regardless of whether one tries to login via DESKTOP (what this post is about) or via mobile devices.

Please reread this post and offer positive responses before replying.

it shows on mine for less then a half second, if you immediately type the next character the first one is hidden as soon as you depress the next key - IE 9 & IE 10 both react the same way. I did read it and tested it on both mobile access, a wirelessly connected laptop and a hardwired desktop.

Re: SECURITY FLAW!! Myatt Login Password is Showing. Att Website SECURITY FLAW!!

[ Edited ]
10 of 15 (3,022 Views)
0
(0)
  • Rate this reply
View profile
Mar 7, 2013 10:29:43 AM
0
(0)
Contributor

Apparently, this has been going on for a while.  I've reported the password log in problem to ATT twice and did not get any good results. The first time, I was told the problem was going to be corrected, but the representative didn't know when.  Over a month later, I reported it again and was told it wasn't ATT's problem, that I had to contact my e-mail provider.  However, I don't have the same problem on my e-mail or when logging into any other website.  This is a security problem, but I don't think ATT is taking it seriously.  Seems they are not reading this forum for clues to what's going on and not giving good customer service.

Apparently, this has been going on for a while.  I've reported the password log in problem to ATT twice and did not get any good results. The first time, I was told the problem was going to be corrected, but the representative didn't know when.  Over a month later, I reported it again and was told it wasn't ATT's problem, that I had to contact my e-mail provider.  However, I don't have the same problem on my e-mail or when logging into any other website.  This is a security problem, but I don't think ATT is taking it seriously.  Seems they are not reading this forum for clues to what's going on and not giving good customer service.

Re: Password shown when logging in

12 of 15 (2,462 Views)
0
(0)
  • Rate this reply
View profile
Mar 12, 2013 6:38:22 AM
0
(0)
Tutor

This is purely a coding issue on AT&Ts website.

 

First of all, their password input field is coded as a text field instead of a password field. So everything you type in goes in as plain viewable text.

 

<input id="password" class="inputClass" type="text" tabindex="2" title="Password" size="30" value="" onkeypress="validateCapsLock(event);" onblur="PasswordBoxFocusOutImgChange();" onfocus="PasswordBoxFocusImgChange()" autocomplete="off" real="password">

As far as I can tell, the original password field does exist. However, it is no longer assigned the id of password and it's style display is set to none to hide it.

 

<input class="inputClass" type="Password" tabindex="2" title="Password" name="password" size="30" value="" onkeypress="validateCapsLock(event);" onblur="PasswordBoxFocusOutImgChange();" onfocus="PasswordBoxFocusImgChange()" style="display: none;">

 

Because of this ridiculously insecure method, they are also using javascript to store your password as you type it in a "real" value on the input field so it can "replace" your password with the circles as you type.

 

I don't know why anyone would think this is a great idea -- I don't care if you're using a tablet PC or not -- this is not a mobile device, this is not a website to be displayed on mobile devices, this is a full desktop page. This means an increased security risk. Now, all it takes is someone glancing at my screen to get my password as I type it.

This is purely a coding issue on AT&Ts website.

 

First of all, their password input field is coded as a text field instead of a password field. So everything you type in goes in as plain viewable text.

 

<input id="password" class="inputClass" type="text" tabindex="2" title="Password" size="30" value="" onkeypress="validateCapsLock(event);" onblur="PasswordBoxFocusOutImgChange();" onfocus="PasswordBoxFocusImgChange()" autocomplete="off" real="password">

As far as I can tell, the original password field does exist. However, it is no longer assigned the id of password and it's style display is set to none to hide it.

 

<input class="inputClass" type="Password" tabindex="2" title="Password" name="password" size="30" value="" onkeypress="validateCapsLock(event);" onblur="PasswordBoxFocusOutImgChange();" onfocus="PasswordBoxFocusImgChange()" style="display: none;">

 

Because of this ridiculously insecure method, they are also using javascript to store your password as you type it in a "real" value on the input field so it can "replace" your password with the circles as you type.

 

I don't know why anyone would think this is a great idea -- I don't care if you're using a tablet PC or not -- this is not a mobile device, this is not a website to be displayed on mobile devices, this is a full desktop page. This means an increased security risk. Now, all it takes is someone glancing at my screen to get my password as I type it.

Re: Password shown when logging in

13 of 15 (2,368 Views)
0
(0)
  • Rate this reply
View profile
Mar 12, 2013 6:18:23 PM
0
(0)
Mentor

Wow that's a lot of good information.  I hope Att will see this.

 

 

I had call them about this months ago and they didn't seem to care.  

 

 

And still to this day, this is an issue.  Thanks for the info!  I hope att will see this and do something this time.

Wow that's a lot of good information.  I hope Att will see this.

 

 

I had call them about this months ago and they didn't seem to care.  

 

 

And still to this day, this is an issue.  Thanks for the info!  I hope att will see this and do something this time.

Re: Password shown when logging in

14 of 15 (2,303 Views)
0
(0)
  • Rate this reply
View profile
Jul 4, 2013 11:35:26 AM
0
(0)
Tutor

They may have fixed it. I just tried it on:

My desktop using Firefox and IE - displayed dots.

 

My Andoid device (Galaxy Note 1) using default browser - got brief letters then dots.

and using Dolphin browser  - got brief letters then dots.

 

These are the expected results.

They may have fixed it. I just tried it on:

My desktop using Firefox and IE - displayed dots.

 

My Andoid device (Galaxy Note 1) using default browser - got brief letters then dots.

and using Dolphin browser  - got brief letters then dots.

 

These are the expected results.

Re: Password shown when logging in

15 of 15 (1,550 Views)
Advanced
You must be signed in to add attachments
Share this post
Share this post