Jump to content
Sign in to follow this  
Viktor

Beta-testing KMS 9.4.95 (Symbian): Password Recovery

Recommended Posts

Topic for bugs and suggestions

 

Viktor.

 

No problem with this feature, but always is sent the same recover code to the email.

 

 

 

Share this post


Link to post
Viktor.

 

No problem with this feature, but always is sent the same recover code to the email.

 

I cannot find explanation clear about this. I has entered at installation my email address, for password delivery from KMS service when the secret code has missing or forget. But not shows how to recover the code neither how to request it to KMS...

 

Helps and manual not makes reference to password or secret code recovery, or this item is not clearly explained... (for me at less, and then for common user)... :dash1:

Share this post


Link to post
I cannot find explanation clear about this. I has entered at installation my email address, for password delivery from KMS service when the secret code has missing or forget. But not shows how to recover the code neither how to request it to KMS...

 

Helps and manual not makes reference to password or secret code recovery, or this item is not clearly explained... (for me at less, and then for common user)... :dash1:

In the screen where you enter the code click cancel/close(or whatever it is called) and it will ask you if you want to use the feature!!

Share this post


Link to post
In the screen where you enter the code click cancel/close(or whatever it is called) and it will ask you if you want to use the feature!!

 

Off course, man, I said I has typed at KMS installation my email address, for password delivery from KMS service when the secret code has missing or forget. But, the installation screen not shows how to recover, in the future, the code neither how to request it to KMS... (Do you read my post?? or I have not been clear... )...

 

That mean what it not is said in installation neither in help or manual, is what user must make when user forget or miss password... How to use this feature...

 

How will recover secret code??? User must send email to Kaspersky?? Kaspersky will "guess" that user has lost his code?? Santa Claus will deliver the code in each Christmas??

 

Share this post


Link to post
(Do you read my post?? or I have not been clear... )

How will recover secret code???

Maybe its you the one who didn't read my post :rolleyes:

I didn't say anything about installation!

When you open KMS it opens a screen that asks for the code! In this screen choose cancel/close(or whatever it is called)!!

Share this post


Link to post
Maybe its you the one who didn't read my post :rolleyes:

I didn't say anything about installation!

When you open KMS it opens a screen that asks for the code! In this screen choose cancel/close(or whatever it is called)!!

 

Hi guys,

 

It works as follows:

 

When you enter KMS it asks for a code right? Then you choose Cancel and appears a message asking if you forget your password, you choose Yes and finally there are some instructions to recover the password in http://mobile.kaspersky.com/. Look at the pictures.

 

post-76442-1296825113_thumb.jpg

post-76442-1296825119_thumb.jpg

post-76442-1296825127_thumb.jpg

Share this post


Link to post
Hi guys,

 

It works as follows:

 

When you enter KMS it asks for a code right? Then you choose Cancel and appears a message asking if you forget your password, you choose Yes and finally there are some instructions to recover the password in http://mobile.kaspersky.com/. Look at the pictures.

 

Yes, it's clear. thanks.

 

Sorry with my insistence, it's a dense matter for a single post, but very important for security.

 

I said clearly that I has typed at KMS installation my email address because at installation and not at other instance, recovery password feature asked me the email, NOT the code, what off course appears on each KMS login... That's all.

 

But this not is the matter... No matter if it happens in installation or in other moments of use, the issue in my opinion is that user is not informed BEFORE about how to he could recover the code. I'm thinking about that users are affected for the emergency of lost or forget the password and, in this situation, is more possible, if they doesn't knows this feature, that they stay more confused yet... Should include explicit reference to this in helps and manual (I don't saw it) .

 

Let see now the fact of user that after several attemps with wrong passwords, will be forced to press Cancel, in this point I ask:

Is it not a security risk that the user could write wrong passwords countless times???

I has typed 15 wrong passwords, and I could follow with more attemps...

Then: we are providing to a thief a indetermined number of attemps and, so, maybe he "hits" to secret code (with a previous social engineering it's very easy) ...

 

So, I suggest to limit typed passwords to 3 or 5 attemps...

And later, then, yes, that opens screen with warning offering the feature password recovery.... But, please, ONE THING MORE: ¡¡¡WITHOUT SHOW IMEI OF THE PHONE in text!!!

Edited by RickAr

Share this post


Link to post
Yes, it's clear. thanks.

 

Let see now the fact of user that after several attemps with wrong passwords, will be forced to press Cancel, in this point I ask:

Is it not a security risk that the user could write wrong passwords countless times???

I has typed 15 wrong passwords, and I could follow with more attemps...

Then: we are providing to a thief a indetermined number of attemps and, so, maybe acierte with the code (with a previous social inteligence it's very easy) ...

 

So, I suggest to limit typed passwords to 3 or 5 attemps...

And later, then, yes, that opens screen with warning offering the feature password recovery.... But, please, ONE THING MORE: ¡¡¡WITHOUT SHOW IMEI OF THE PHONE in text!!!

 

Thanks for your suggestions.

 

I think that asking for an email for recovering password should explain that you cannot set up it later. On the other hand I believe that guess a password of 5 or more characters is difficult according to the complex of the password, don't use weak passwords. Finally, the option of showing Imei is useful for people that don't know how to get it.

Share this post


Link to post
Thanks for your suggestions.

 

I think that asking for an email for recovering password should explain that you cannot set up it later. On the other hand I believe that guess a password of 5 or more characters is difficult according to the complex of the password, don't use weak passwords. Finally, the option of showing Imei is useful for people that don't know how to get it.

 

First: I edited two terms in my last post, where had two typing errors. One: "acierte" (spanish, It has scaped me :), changed by "hits" . Other: "social inteligence", changed for "social engineering", more appropiate. Sorry.

 

Respect to Abbath Doom reply, OK, but beyond of complex of password of 5 or more characters, that is right, I mean that the fact of able make countless attemps typing passwords, without a limit of attemps, is not a recomended on any security system. I had referenced this issue...

 

About the option of showing Imei, it's true that people generally unknown how to get IMEI, but maybe IMEI could be less exposed. In place of show IMEI, you could include a brief explanation of how to get it in the helps and the manual with special recomendation of keep very well saved the IMEI.... It's like ADN of phone, as for leaving it at the light...

Share this post


Link to post
Respect to Abbath Doom reply, OK, but beyond of complex of password of 5 or more characters, that is right, I mean that the fact of able make countless attemps typing passwords, without a limit of attemps, is not a recomended on any security system. I had referenced this issue...

 

You are talking about something like blocking the mobile for a while after several attemps and then try again or block it definitely and only unblock it with a recovery code?

 

In place of show IMEI, you could include a brief explanation of how to get it in the helps and the manual with special recomendation of keep very well saved the IMEI.... It's like ADN of phone, as for leaving it at the light...

 

It is so difficult because according to the mobile brand, the way of getting it changes, doesn't it?

Share this post


Link to post
You are talking about something like blocking the mobile for a while after several attemps and then try again or block it definitely and only unblock it with a recovery code?

 

Yes, something like this... The same that in logon process in any networking.

So as Kaspersky keeps the password or secret code of login, also could save a recovery code for instances when user has exceded the set of attemps. And send to user email the secret code and also the recovery code, because (very relatively, off course) the email address of user is supposed to be the most inviolable...

 

Then, well, let go beyond this...

 

By the way, all of us knows the weakness of http, pop3 for critical data.

For that reason, also, maybe KL could give to buyer of KMS, along with activation key of product, a secret recovery code for cases like commented before. This could be the way most secure and consistent with the prestige of KL. So, user could trust that your data and phone are in very secure hands, because the fact trough a email (that is NOT delivery by https nor encrypted) send IMEI and wait for a return of secret code by same way "poorly secure" is not very convincing in the world current...

 

Nobody wanna install a advanced and high protection as KMS on a cellular if it don't gives trusted and security. If he makes it its because is advanced user and with significant data to protect.

 

It is so difficult because according to the mobile brand, the way of getting it changes, doesn't it?

 

Yes, I agree. Then, along with activation key of product, KL could send to user, beside of the secret recovery code, the IMEI of phone user (always KL will ask this data to user al moment of buy). So it will avoid send through email the IMEI. Only KL and user will see this data.

 

 

Share this post


Link to post
Sign in to follow this  

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.