More password security, please

Xzenu Since: Apr, 2010
#1: Nov 3rd 2011 at 5:48:29 AM

I just tried to change my password, only to realize that...

  1. This can be done without entering the old password.
  2. The old password is shown in plain text.
  3. The fact that an account tends to stay logged in after the browser is shut down makes it easy for whoever comes next to #1 hijack the account by not only using the account but also changing the password, and #2 log in to any community where the user used the same password.

Changing this would be a good thing. Sorry if there's a thread for this already and I missed it. I did check, but I have a headache today and even missed one obvious link.

edited 3rd Nov '11 5:48:52 AM by Xzenu

Fighteer Lost in Space from The Time Vortex (Time Abyss) Relationship Status: TV Tropes ruined my love life
#2: Nov 3rd 2011 at 6:42:46 AM

Passwords are stored in cookies. You should never save your login cookie on a shared computer. This is Security Basics 101.

"It's Occam's Shuriken! If the answer is elusive, never rule out ninjas!"
Xzenu Since: Apr, 2010
#3: Nov 3rd 2011 at 7:11:30 AM

I know that. And I'm also very restrictive with what computers I log in from.

Yet, people sometimes do mistakes. And what about visitors?

Stratadrake Dragon Writer Since: Oct, 2009
#4: Nov 3rd 2011 at 8:01:56 AM

Being able to change your password without verifying the current one is a security flaw. The current password is used to prove that you are, in fact, the owner of the account and authorized to do so.

An Ear Worm is like a Rickroll: It is never going to give you up.
20LogRoot10 Since: Aug, 2011
#5: Nov 3rd 2011 at 12:43:48 PM

[up]Except your password is stored in the login cookie, making that nothing but security theater. This also has the side effect that you need to re-login on any other computers/browsers/profiles you stay logged in on if you change your password.

Yeah, unwritten rule number one: follow all the unwritten procedures. - Camacan
Xzenu Since: Apr, 2010
#6: Nov 3rd 2011 at 12:47:30 PM

For the average user, there's a huge difference between clicking a link and opening up a cookie.

FastEddie Since: Apr, 2004
#7: Nov 3rd 2011 at 1:26:15 PM

The change pass page does verify that the handle/password combo is valid before offering the screen.

If you change your password and some other machine has you logged in with a different password, that machine's combo becomes invalid.

edited 3rd Nov '11 1:28:00 PM by FastEddie

Goal: Clear, Concise and Witty
Fighteer Lost in Space from The Time Vortex (Time Abyss) Relationship Status: TV Tropes ruined my love life
#8: Nov 3rd 2011 at 1:50:08 PM

In an ideal world, the local cookie would store the handle and password in encrypted form so that a third party can't simply open it and read it. Similarly, the password change form should require that the current one be input manually rather than automatically copied from the cookie. Any form input that takes the password from the cookie should handle it encrypted rather than in plaintext.

That said, Eddie has publicly stated that handle security on this wiki is not an issue with which he is strongly concerned. I can't honestly count a single issue of a compromised TV Tropes account that we've been able to verify.

"It's Occam's Shuriken! If the answer is elusive, never rule out ninjas!"
FastEddie Since: Apr, 2004
#9: Nov 3rd 2011 at 2:12:00 PM

^ That's theater, encrypting the cookie. Copying the encrypt is just as easy as copying the text. It only matters to humans, what the sense of the string is.

Goal: Clear, Concise and Witty
Fighteer Lost in Space from The Time Vortex (Time Abyss) Relationship Status: TV Tropes ruined my love life
#10: Nov 3rd 2011 at 2:19:53 PM

Hmm, true. But lots of sites store encrypted passwords in their cookies; it must have some security value — the biggest one, of course, being to prevent someone from just changing your password without you knowing.

"It's Occam's Shuriken! If the answer is elusive, never rule out ninjas!"
FastEddie Since: Apr, 2004
#11: Nov 3rd 2011 at 2:22:51 PM

It's just a reflex. A lot of sites do stuff that is security-like without actually being security.

edited 3rd Nov '11 2:23:02 PM by FastEddie

Goal: Clear, Concise and Witty
Xzenu Since: Apr, 2010
#12: Nov 3rd 2011 at 3:01:45 PM

Precautions that don't protect against computer experts still protect against nosy relatives - the majority of them are only familiar with the kind of cookies bought in grocery stores. :-)

I'm not asking you to make it a big priority. But if you could eventually make the two changes I'm asking for, I'd appreciate it.

  1. Make it so that the current password is not spelled out in plain text in the browser window.
  2. Make it so that you have to type in your current password in order to switch to your new password.

Stratadrake Dragon Writer Since: Oct, 2009
#13: Nov 3rd 2011 at 7:31:54 PM

@Log: Good point, I forgot that TV Tropes doesn't use session cookies, just login cookies. Of course, it does mean the username/pass is being sent cleartext with every request, but that's almost par for the course.

An Ear Worm is like a Rickroll: It is never going to give you up.
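One way to build what posts #8, #12 and #13 are asking for, as an added example (not TV Tropes' own code; the in-memory user and session stores and the function names are assumed): the login cookie carries only an opaque random token, the password exists server-side only as a salted hash, and a password change requires the current password to be typed and revokes every other session for that handle.

```python
# Added example, not TV Tropes code. Stores are assumed in-memory dicts.
import hashlib
import hmac
import os
import secrets
from typing import Optional

_users: dict = {}     # handle -> (salt, pbkdf2 hash); never the password itself
_sessions: dict = {}  # opaque token -> handle; this token is what the cookie holds


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def register(handle: str, password: str) -> None:
    salt = os.urandom(16)
    _users[handle] = (salt, _hash(password, salt))


def _check(handle: str, password: str) -> bool:
    rec = _users.get(handle)
    if rec is None:
        return False
    salt, stored = rec
    return hmac.compare_digest(_hash(password, salt), stored)


def login(handle: str, password: str) -> Optional[str]:
    """Return a random token for the login cookie; copying it gives no password."""
    if not _check(handle, password):
        return None
    token = secrets.token_urlsafe(32)
    _sessions[token] = handle
    return token


def whoami(token: str) -> Optional[str]:
    return _sessions.get(token)


def change_password(token: str, current: str, new: str) -> bool:
    """Needs a live session AND the current password; then drops other sessions."""
    handle = _sessions.get(token)
    if handle is None or not _check(handle, current):
        return False
    register(handle, new)  # re-salt and re-hash the new password
    stale = [t for t, h in _sessions.items() if h == handle and t != token]
    for t in stale:
        del _sessions[t]  # the machine left logged in elsewhere must log in again
    return True
```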
Total posts: 13