Security: Emailing passwords???
It means that if an email provider (e.g. Yahoo) or a company's email server is hacked then the hackers will be able to read the "password change" emails and log into Reckon.com. This is a ticking time bomb for you.
If you don't know how to do login security then outsource it to a company like Auth0 or Stormpath.
Comments
-
For the same reason I don't like any cloud use, or online accounting. I would think a clever hacker could hack Reckon just as easily as Yahoo. I stick to desktop versions.
-
Hi Andrew,
I can definitely appreciate the concerns you've raised. The good news is we've got some major changes to the way we handle the password reset process coming very soon. It's a complete redesign of the process and will eliminate any potential for undue risk.
0 -
It is now May 2022 and I have just had exactly the same issue. I updated our password, it was then EMAILED to me with the username as well - you might as well print it on a billboard by the highway!
The response from Reckon is below and completely useless. Even more so when I see this was flagged in 2017!! COME ON RECKON - SORT YOUR SECURITY OUT
Thank you for contacting Reckon.
We really understand your concern regarding the password security.
The reset password which is shared on the registered email is currently as per the default password reset process. However we will forward your feedback to the concern team.
Alternately we suggest you to please share your feedback through the link below as this is a dedicated portal to request feature and share feedback and the development team regularly work on the feedback/requests shared.
I hope the above information would be of help. Should you like to explore other support options, you may contact us via: Reckon Community | Reckon Knowledgebase | Phones
0 -
Hi All,
I can confirm our development team will be working on updating how passwords are reset on Reckon Accounts Hosted in their next sprint.
Right now there is no exact ETA.
We thank you for your feedback and patience.
Luke
0 -
Let's hope it is quicker than 5 years when this was 1st flagged.....
In the meantime why not just remove the process that emails the actual password - not hard and resolves the issue until you have a solution - nobody needs the actual password, just a notification that it has changed?
James
0 -
I posted this issue 5 years ago while trialling Reckon. When this security issue came up I banned Reckon and we went with Xero, which is not great software but at least has okay security.
It amazes me that more Reckon customers haven't been defrauded as it would be so easy. E.g.
1) Send out random phishing scams to small business employees in order to get access to email
2) Search email for Reckon password reset
3) Send out fake invoices with incorrect bank account details and profit $$$
The great thing about this is that most businesses wouldn't know their email had been hacked and would assume it was either Reckon or a disgruntled employee. Wait 6 months and repeat attack again.
0
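As an added example (not part of the thread and not Reckon's code), this is one way to build the reset flow the posters ask for: the email carries a single-use, expiring token instead of a password, and the change notification carries no credential, so an old message found in a compromised mailbox is worthless. The class name, the `app.example` URL, the 15-minute lifetime and the in-memory stores are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60  # seconds; assumed token lifetime


class ResetService:
    """In-memory sketch; outbox stands in for a real mailer."""

    def __init__(self, now=time.time):
        self.now = now
        self.password_hashes = {}  # user -> salt + PBKDF2 digest
        self.pending = {}          # sha256(token) -> (user, expiry)
        self.outbox = []           # (recipient, body) pairs that would be emailed

    @staticmethod
    def _hash_password(password, salt):
        return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

    def request_reset(self, user):
        # A new request invalidates any older token for the same user.
        self.pending = {k: v for k, v in self.pending.items() if v[0] != user}
        token = secrets.token_urlsafe(32)
        # Only a hash of the token is stored, so a database leak yields no usable links.
        key = hashlib.sha256(token.encode()).digest()
        self.pending[key] = (user, self.now() + TOKEN_TTL)
        link = f"https://app.example/reset?token={token}"  # hypothetical URL
        self.outbox.append((user, f"Reset link (15 min, single use): {link}"))
        return token  # returned only so the demo can follow the link

    def complete_reset(self, token, new_password):
        key = hashlib.sha256(token.encode()).digest()
        entry = self.pending.pop(key, None)  # pop makes the token single use
        if entry is None or self.now() > entry[1]:
            return False
        user = entry[0]
        self.password_hashes[user] = self._hash_password(new_password, secrets.token_bytes(16))
        # The notification reports that a change happened and carries no credential.
        self.outbox.append((user, "Your password was changed. If this was not you, contact support."))
        return True

    def check_password(self, user, password):
        stored = self.password_hashes.get(user)
        if stored is None:
            return False
        return hmac.compare_digest(stored, self._hash_password(password, stored[:16]))
```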