Password shown when logging in

Contributor

Password shown when logging in

Frankly I'm not sure this is the proper place for this, but I couldn't find a way to log a bug about AT&T's website anywhere else - I noticed that while typing in my password my password was visible, one character at a time before the character was blacked out. This seems like a major bug. Despite the fact that the input field is of type "password", it looks like there's JavaScript executing on keypress, changing the character out to some image, rather than just letting the browser do it's thing. The delay in replacing the character and not just letting the browser do what it's supposed to do is a serious security concern for anyone logging in to manage their account.

 

I'm running Windows 7, using the latest stable build of Chrome when this happens.

Message 11 of 15 (2,998 Views)

SECURITY FLAW!! Myatt Login Password is Showing. Att Website SECURITY FLAW!!

When I go to att.com/myatt to login to my account, the Password Field actually shows the password. Instead of showing little black dots.

I have tried this on several computers. My computers, other computers, public computers. All Computers.

Is anyone else having this problem?

I would like to log in to my account, but I don't want my password showing as I type.


Things to know:

1) this started happening about 1 week ago
2) this only happens on AT&T's website (aka email, bank accounts, etc. work as expected)

Can someone share their experince?

Message 1 of 15 (3,657 Views)

Re: SECURITY FLAW!! Myatt Login Password is Showing. Att Website SECURITY FLAW!!

Can someone confirm this for me please?

Please do me a favor and go to www.att.com/myatt

and please just try to type some random letters/numbers into the Password Box and see if this happens to you too?

TIA
Message 2 of 15 (3,617 Views)
Former Employee

Re: SECURITY FLAW!! Myatt Login Password is Showing. Att Website SECURITY FLAW!!

I get all dots.

 

d.

Message 3 of 15 (3,584 Views)
Highlighted
Professor

Re: SECURITY FLAW!! Myatt Login Password is Showing. Att Website SECURITY FLAW!!


drumn_bass wrote:

I get all dots.

 

d.


Ditto for me. It does show each character for half a second, but changes to dots.

Message 4 of 15 (3,525 Views)

Re: SECURITY FLAW!! Myatt Login Password is Showing. Att Website SECURITY FLAW!!


Max69 wrote:

drumn_bass wrote:

I get all dots.

 

d.


Ditto for me. It does show each character for half a second, but changes to dots.


This is very bad.

 

Before, it would show the password all the time.  Now it shows the password for half a second and then changes to dots.

 

So, it seems like AT&T is working on it.  But it is still very bad, very unsecure!

 

I hope AT&T fixes this!!

Message 5 of 15 (3,454 Views)
Expert

Re: SECURITY FLAW!! Myatt Login Password is Showing. Att Website SECURITY FLAW!!


cellnewbie09 wrote:

Max69 wrote:

drumn_bass wrote:

I get all dots.

 

d.


Ditto for me. It does show each character for half a second, but changes to dots.


This is very bad.

 

Before, it would show the password all the time.  Now it shows the password for half a second and then changes to dots.

 

So, it seems like AT&T is working on it.  But it is still very bad, very unsecure!

 

I hope AT&T fixes this!!


it appears to be shorter then a half second, but if you hit the next character in the password the previous character is turned to a dot immediately.  Accessing my bank and credit card accounts via mobile and web do the same thing.

Message 6 of 15 (3,438 Views)

Re: SECURITY FLAW!! Myatt Login Password is Showing. Att Website SECURITY FLAW!!

See my post of 12-09-12

 

 

http://forums.att.com/t5/Wireless-Online-Account-Access/OLAM-signin-password/td-p/3376447

 

Been going on since then. I got no answer from anyone then so i thought it was just me. Mine is still doing this, but i only log in from my home computer so i don't worry about it so much. But i guess it is more widespread now.

Definitely have a coding problem in the system.

Message 7 of 15 (3,315 Views)
Expert

Re: SECURITY FLAW!! Myatt Login Password is Showing. Att Website SECURITY FLAW!!


stclair49 wrote:

See my post of 12-09-12

 

 

http://forums.att.com/t5/Wireless-Online-Account-Access/OLAM-signin-password/td-p/3376447

 

Been going on since then. I got no answer from anyone then so i thought it was just me. Mine is still doing this, but i only log in from my home computer so i don't worry about it so much. But i guess it is more widespread now.

Definitely have a coding problem in the system.


doubt it is a coding problem, hav it happen on other accounts outside of my att accounts - seems to be that way when there is a mobile app to access the account and a normal web based app to access the same account.

 

Can understand it becasue with todays touch screens and keyboards on mobile devices it is really easy to think you are pressing the R key and it is accuually the E or T key that you are pressing, get a invalid password 3 times like that and you account is locked, the you have to call the organization to get it unlocked. Personally can live with the brief displace of the keystroke for verification, but then I make sure that n one is arround me when I type my passwords on the mobile app or staring at my keyboard on the web app. In the keyboard senario it is a lot easier to grab the password by watching the keys that are being pressed then the breif display on the screen

Message 8 of 15 (3,286 Views)

Re: SECURITY FLAW!! Myatt Login Password is Showing. Att Website SECURITY FLAW!!

This post is not about apps or mobile apps or accessing www.att.com/myatt though the cell phone.

This Post is about regular browsers on regular desktop computers.

When I try to login on my DESKTOP (not app!!) the password shows for about 2 secs and then turns into the black dots.

This is NOT expected to happen in the year 2013. Regardless of whether one tries to login via DESKTOP (what this post is about) or via mobile devices.

Please reread this post and offer positive responses before replying.
Message 9 of 15 (3,087 Views)
Expert

Re: SECURITY FLAW!! Myatt Login Password is Showing. Att Website SECURITY FLAW!!

[ Edited ]

cellnewbie09 wrote:
This post is not about apps or mobile apps or accessing www.att.com/myatt though the cell phone.

This Post is about regular browsers on regular desktop computers.

When I try to login on my DESKTOP (not app!!) the password shows for about 2 secs and then turns into the black dots.

This is NOT expected to happen in the year 2013. Regardless of whether one tries to login via DESKTOP (what this post is about) or via mobile devices.

Please reread this post and offer positive responses before replying.

it shows on mine for less then a half second, if you immediately type the next character the first one is hidden as soon as you depress the next key - IE 9 & IE 10 both react the same way. I did read it and tested it on both mobile access, a wirelessly connected laptop and a hardwired desktop.

Message 10 of 15 (3,078 Views)
Contributor

Re: Password shown when logging in

Apparently, this has been going on for a while.  I've reported the password log in problem to ATT twice and did not get any good results. The first time, I was told the problem was going to be corrected, but the representative didn't know when.  Over a month later, I reported it again and was told it wasn't ATT's problem, that I had to contact my e-mail provider.  However, I don't have the same problem on my e-mail or when logging into any other website.  This is a security problem, but I don't think ATT is taking it seriously.  Seems they are not reading this forum for clues to what's going on and not giving good customer service.

Message 12 of 15 (2,518 Views)
Tutor

Re: Password shown when logging in

This is purely a coding issue on AT&Ts website.

 

First of all, their password input field is coded as a text field instead of a password field. So everything you type in goes in as plain viewable text.

 

<input id="password" class="inputClass" type="text" tabindex="2" title="Password" size="30" value="" onkeypress="validateCapsLock(event);" onblur="PasswordBoxFocusOutImgChange();" onfocus="PasswordBoxFocusImgChange()" autocomplete="off" real="password">

As far as I can tell, the original password field does exist. However, it is no longer assigned the id of password and it's style display is set to none to hide it.

 

<input class="inputClass" type="Password" tabindex="2" title="Password" name="password" size="30" value="" onkeypress="validateCapsLock(event);" onblur="PasswordBoxFocusOutImgChange();" onfocus="PasswordBoxFocusImgChange()" style="display: none;">

 

Because of this ridiculously insecure method, they are also using javascript to store your password as you type it in a "real" value on the input field so it can "replace" your password with the circles as you type.

 

I don't know why anyone would think this is a great idea -- I don't care if you're using a tablet PC or not -- this is not a mobile device, this is not a website to be displayed on mobile devices, this is a full desktop page. This means an increased security risk. Now, all it takes is someone glancing at my screen to get my password as I type it.

Message 13 of 15 (2,424 Views)

Re: Password shown when logging in

Wow that's a lot of good information.  I hope Att will see this.

 

 

I had call them about this months ago and they didn't seem to care.  

 

 

And still to this day, this is an issue.  Thanks for the info!  I hope att will see this and do something this time.

Message 14 of 15 (2,359 Views)
Tutor

Re: Password shown when logging in

They may have fixed it. I just tried it on:

My desktop using Firefox and IE - displayed dots.

 

My Andoid device (Galaxy Note 1) using default browser - got brief letters then dots.

and using Dolphin browser  - got brief letters then dots.

 

These are the expected results.

Message 15 of 15 (1,606 Views)
Share this topic
Announcements

Welcome to the AT&T Community Forums!!! Stop by the Community How-To section for tips on how to get started.