Moneybookers Password Security: A Complete Joke???

    • datsmahname
      datsmahname
      Global
      Joined: 23.11.2009 Posts: 1,366
      I created my account recently, and quickly forgot the password... so i reset it.

      To do this you only need the email used to set up the account and the birthday input when signing up.

      Then without any other information you can reset the password. My email recieved notification of this, but thats it.

      SECURITY = LULS?

      yeah, i think so.

      How can I possible feel secure about having money on there when anyone who bothers to find out could fairly easily gather this info?

      Hell, It seems like my MB account would be more secure if i gave them bogus information.

      Am I missing something?
  • 10 replies
    • zamoda
      zamoda
      Bronze
      Joined: 16.03.2009 Posts: 509
      I think you are not missing anything.. they dont have RSA token, or something similar for extra layer of protection. But what you could do is make your email more secure. E.g. if you use gmail they offer 2 step verification, more info at:
      http://www.google.com/support/accounts/bin/static.py?page=guide.cs&guide=1056283&topic=1056284
    • datsmahname
      datsmahname
      Global
      Joined: 23.11.2009 Posts: 1,366
      they do have an RSA token. I sent an email & they replied saying they had enabled an application for it. still, what good is a random password if you can create your own? maybe it operates differently at that point?

      idk this password thing really has me wondering..
    • datsmahname
      datsmahname
      Global
      Joined: 23.11.2009 Posts: 1,366
      Dear _____,

      Thank you for contacting our customer support team.

      Further to your enquiry regarding our password retrieval procedure, we would like to inform you that Moneybookers is applying sophisticated checks which are not transparent to our customers. Please rest assured that we would never sacrifice the security of our customers’ accounts.

      Additionally, your Moneybookers account has been now enabled for Security Token application. In case you would like to increase the security of your login credentials, you could submit your application on the "Security Centre", available on your Moneybookers account.

      We hope that you find this information useful. Do not hesitate to contact us again, in case you have any further questions or concerns.

      Sincerely,

      The Moneybookers Team


      Reading the first paragraph all i could think was "Security through Obscurity." Idonno, lots of people use this and yada yada... I'm to tired to think about it.
    • thazar
      thazar
      Bronze
      Joined: 14.09.2009 Posts: 6,560
      Hi Datsmahname

      well to get your password the persons needs to have your date of birth and access to your email.

      But of course RSA token is the nutz.

      Regards

      Thazar
    • OZSA
      OZSA
      Bronze
      Joined: 18.05.2009 Posts: 804
      if you have RSA and they hack you, its because you keep more then 1mill $ on your account, otherwise they wont bother hacking RSA, its very hard..I ordered for MB and PS aswell, everyone should buy those tokens.
    • doctorkgb
      doctorkgb
      Bronze
      Joined: 01.04.2009 Posts: 1,263
      Few days ago, they send me security number to mobile phone , so I had to enter those digits to retrive password
    • lessthanthreee
      lessthanthreee
      Bronze
      Joined: 30.06.2009 Posts: 16,300
      want to order an RSA token. cant find a link or email. can anyone help?
    • datsmahname
      datsmahname
      Global
      Joined: 23.11.2009 Posts: 1,366
      Try logging in & click "Security Centre" along the left hand menu. If that option isn't available email pokerstrategy@moneybookers.com and ask about them. I was told they enabled this option. They're like 21 bucks.
    • datsmahname
      datsmahname
      Global
      Joined: 23.11.2009 Posts: 1,366
      After inquiring here and also on 2+2 I've learned that password reset security improves at least at some point when you have more information in your account.

      For instance, i learned from a member who has bank details in his account that when he tried to reset his password he must provide these details.

      This player does have the RSA token and a VIP account, but probably having those initial details is enough to improve your account security.
    • MissNatalia
      MissNatalia
      Bronze
      Joined: 07.03.2011 Posts: 368
      Hi datsmahname,

      What I can say from my side is the fact that this is not the standard retrieval procedure and there's no standard retrieval procedure for all the accounts.

      Depending on the account of Moneybookers member, the password retrieval procedures will change and apply differently to each account.

      What the account holder is requested to do - depends on numerous factors and checks in the back-end.

      Best Regards,
      Natalia

      B2B - Key Account Manager
      PokerStrategy.com