ForumsQuestionsHow do you secure your account if your password has been stolen?


How do you secure your account if your password has been stolen?
Author Message
jrasmu

Posted: Feb 02, 2010
Score: 0 Reference
Recently I became concerned that someone may have "shoulder-surfed" my password for my Toodledo Pro subscription. In Toodledo, I examined the Login Activity log available under Account Settings -> Account Activity -> Login Activity, and found no unusual activity. The only computer with an active login session to my account was the one on which I was working, so I simply changed my password and now I believe my account is secure.

I want to know what I should do if it looks like someone has already compromised my account and is actively signed in from another computer elsewhere in the world. In theory, they could stay logged on for an entire week and continue to view my personal information. I ran a test and signed on to Toodledo through Internet Explorer from 2 different computers and changed the password and Unique ID to my account from the first computer. What I found is that the second computer was still able to access and update my information.

Is there some way to force off all active login sessions to a Toodledo account?
Linden

Posted: Feb 03, 2010
Score: 0 Reference
Hmm. It sounds to me like it would be smart to invalidate all login cookies when the password is updated.

Maybe there's an easier way, though...
Proximo

Posted: Feb 03, 2010
Score: 0 Reference
Proper passwords are very important for computing in general and most people have terrible habits when it comes to passwords.

Maybe this is a topic I could start in the General forum section. :-)
Jake

Toodledo Founder
Posted: Feb 03, 2010
Score: 0 Reference
We'll look into this. Thanks for pointing it out.
You cannot reply yet

U Back to topic home

R Post a reply

To participate in these forums, you must be signed in.