Hopefully starting a new thread will bring some attention to this matter, but if anyone wasn't aware, BetPhoenix actually puts your password in the URL when you log in, and it's saved in your browser history. From a security standpoint, this is terrible, and may well explain why several people seem to be having problems with the security of their BP accounts. Until they rectify this matter, if you use BP, make sure you clear your browser history very frequently.
-
-
been several posts about this around the forums for quite some time now and betphoenix has done nothing about it
Comment -
TomCowley has mentioned this ad nauseum. Its ridiculous BP is managed/designed by such epic morons that somehow think this is a good idea.Comment -
What if you instruct the site not to "remember" you?, does the password still exist in the URL history? I will try this myself, but was just wondering if anyone knows offhand.Comment -
I have the site not instructed to remember me and the password is still in my URL.Comment -
Simply go to tools and clear history every time you close Firefox. I did this anyway without even knowing about this little matter. Guys the same stuff is brought up about this book over and over. Its nit picking, if something arises out of it, it is solved that same day by BP's wonderful staff, and the book gives the best bonuses in the industry. Let it go. BetPhoenix is here to stay.Comment -
lol thremp I'm trying to boost moral here.Comment -
Problems like these are going to get worse, not better. Hackers are getting more and more sophisticated every day, and it is impossible for gaming sites to keep up. You will have to be very diligent.Comment -
My password is certainly not in the url.Comment -
yes it is and that is just another red flag about this book
WTF!
that is unreal i just noticed it and never noticed it before
thank you for this thread sktrelfan
Comment -
not goodComment -
I don't see the password in my URL.Comment -
Look carefully--log into your BetPhoenix account and watch the URL window. As you log in, your password will appear at the end of the URL, on the right hand side, then disappear. Depending on how fast your internet connection is, the password may only be on the screen for 1/4th of a second. But the password is still being transmitted via a URL, which is not very secure, and will also be saved in your browsing history.Comment -
It seems that if you log in to the old version, it does this. If you log in to the new site, it doesn't.Comment -
so old version ppl can hack? wtfComment -
good to knowComment -
Well, if you're using the old version and not seeing your password in the URL for a very brief period of time, either it's flashing by too fast for you to see it or they somehow have different accounts configured different ways. When I log in to the old version a URL of:
URL: http://bettor1.betphoenix.com/custom/LoginVerify.asp?method=loginPost&langCod e=en&customerID=XXXXX&password=XXXXXXXXX
flashes by, with my user ID and password in place of the Xs. Then very shortly after (probably 1/4th of a second at most, probably depends on the speed of your computer) the URL switches to:
I suppose the easy solution is "switch to the new version" but I find the new version significantly more difficult to navigate, particularly when there are a lot of games on the screen.Comment -
Claiming you can't see it in this case is akin to just closing your eyes and saying, "I don't believe in ghosts" three times. A cursory amount of effort would yield boundless results.Comment -
Neither do I dark, but I did a log in and watched the URL I very briefly got a password= xxxxxxx n the URL but it didn't show in my history. I use chrome by the way.
Just did the old version and it clearly shows in the url for maybe 1/2 a second.
URL: bettor1.betphoenix.com/custom/LoginVerify.asp?method=loginPost&langCod e=en&customerID=Pxxxxxxx&password=xxxxxx xxxx
old version saved in my history.Comment -
Yes that is really sick. Why the hell would my password be in browser url?
Going to change password at phoenix, or better yet might just dump the site overall. They already took away reduced juice.Comment -
the whole ****ing place seems like a joke.... slapped together by some Costa Rican with a commodore 64.... have you got one of their calls regarding their awsome "reload bonuses"?? Get the rep to explain the ENTIRE reload bonus process to you... If he/she can tell you the entire thing without messing up, or confusing themselves then they should be a politician.Comment -
Why would you presume to know what I see? I told you I didn't see it and I didn't. The reason for that, after experimenting a little, is that I either log out or let the site log me out. On the old version. I never go back to the main menu, but log back in through the window where you log back in. The password never shows there. Guaranteed. That's also the window saved on my computer, so I never had the problem.
Apparently, the new version doesn't show the password either.
So the problem, while certainly undesirable, is very easily circumvented. But instead of focusing on the solution, the wave of newbie crybabies here is so stuck in their one-dimensional complaining that they fail to realize they're free to move on.Comment -
Dark Horse is correct.
If you log in here: http://bettor1.betphoenix.com/login.asp
It does not happen and takes you to the old site.
If you log in at betphoenix.com to the old site, it most certainly happens.
That's not really the point though. It is beyond horrid on their part and it was brought to their attention months ago. It never should have happened in the first place let alone not been fixed.So the problem, while certainly undesirable, is very easily circumvented. But instead of focusing on the solution, the wave of newbie crybabies here is so stuck in their one-dimensional complaining that they fail to realize they're free to move on.Comment -
it's amazing how poorly designed the websites for even the most reputable sportsbooks can be. it's as if they were done for some junior high computer class. password in the url? unreal.....Comment -
For those of us that are aware of the problem and understand it. What is it that, maybe 1% of their players.
How many more log in somewhere unsecured everyday with the possibility of having their account information stolen. And now all these reports of money disappearing from accounts.
They allegedly have lots of money, how about spending $12 an hour on someone competent.Comment -
SBR too busy hugging their nuts to curr.Comment -
Agreed. It's a pity that we don't have a better understanding of what is going on at BP at the management level. In the old days SBR would keep us more or less updated, but nowadays they say nothing, either because they don't know or don't care.
Meanwhile, without SBR directing traffic, but with a dramatic increase in, mostly uninformed, traffic, this forum has changed into its own variety of the sorcerer's apprentice. I used to come here for information on the industry. Now it's mostly nonsense by a bunch of sheep, bleating because the others are bleating.
What they don't seem to understand is that it becomes much more challenging to hold books accountable, through legitimate complaints here, when an avalanche of unfounded complaints, that are not recognized as such by the readers here, makes it all but pointless to reply and react to valid complaints.Comment -
Wow, you're a real idiot. First of all, an act as simple as logging into a sportsbook shouldn't need to be "easily circumvented," and the fact that BP can't figure out how to keep the password out of a URL is a legitimate problem. The onus shouldn't be on me to have to figure out how to keep my password out of the URL without "a little experimenting," and how do you "log back in" without logging in initially and having it display your password in the URL? I see that Durito posted a link to a log-in screen where you can log in without having the password displayed--how was I supposed to know to log-in to that page directly? I think I used BP for a couple months before I even noticed my password was in the URL, since it flashes by so quickly.
I've been betting online since 1996 so it's foolishly presumptuous on your part to assume I'm a "crybaby newbie." Just today one moron on this board said it was inappropriate that I complained that BP call me as early as 715am, and now you're claiming the onus should be on me to figure out how to correct BP's account security. I guess you guys are right, I shouldn't mind getting woken up by them early in the morning and shouldn't be concerned about the security of my account.Comment
Well said.