A little warning about sharing your music
Some people might want to take their birthdates out of their profiles if you don't want your .mac account hijacked and you're sharing music.
In order to listen to someone's .aac files, you have to be authorized. If you're not, it'll give you a little dialog box that has "forgot my password" and you're taken to a webpage where one of the possible challenges is your birthdate. If your birthdate is in your profile, you might get your account hijacked. I haven't gone through the steps of changing someone's password, but it seems to me I'm one drop down menu away from doing it. Careful, people.....
edit: it seems there's at least one more step in the changing process, but still, these things could be out in the open (like location or pet's name or something). Maybe I'm being paranoid but it just seems a little too easy.
In order to listen to someone's .aac files, you have to be authorized. If you're not, it'll give you a little dialog box that has "forgot my password" and you're taken to a webpage where one of the possible challenges is your birthdate. If your birthdate is in your profile, you might get your account hijacked. I haven't gone through the steps of changing someone's password, but it seems to me I'm one drop down menu away from doing it. Careful, people.....
edit: it seems there's at least one more step in the changing process, but still, these things could be out in the open (like location or pet's name or something). Maybe I'm being paranoid but it just seems a little too easy.
Comments
Then someone suggested not using easily available personal info for security purposes might the easier and more sensible approach and they dropped it.
You still see that question all the time though.
Originally posted by Amorph
You're asked for your birthdate and also a "challenge" question written and answered by yourself. So your security is about as good as your ability to come up with a question that only you'd know the answer to.
That's true, but it isn't ordinarily so easy to get to the to page that gives you those options. It's a webobjects session that you can't just randomly create, so this gives people a VERY easy way to get to the correct place. That was the reason I brought it up. Well, actually, I was trying to play someone's .aac files from the "share your music" thread and I got to the page. And I was able to find his birthday. I didn't go (or try to go) further. But it could have been done way too easily.
Originally posted by torifile
That's true, but it isn't ordinarily so easy to get to the to page that gives you those options. It's a webobjects session that you can't just randomly create, so this gives people a VERY easy way to get to the correct place. That was the reason I brought it up. Well, actually, I was trying to play someone's .aac files from the "share your music" thread and I got to the page. And I was able to find his birthday. I didn't go (or try to go) further. But it could have been done way too easily.
He says as he orders 200,000 songs from the new service just to "see if it worked."
Originally posted by jante99
He says as he orders 200,000 songs from the new service just to "see if it worked."
If one-click were enabled I woul.... Nevermind.