Security on old AUK Site ?

[BeMoreMike]

I need to reset my password but can't find where to do it within the new site.
The "Forgotten Password" link directs to the old site which isn't secure. It seems to go against all advice on internet and password security to be changing it in a unsecured site.

Should i be concerned ?

[grams]

The old site is available over HTTPS if you change the address. I'm not sure why it hasn't been set to redirect automatically.

https://www.aukweb.net/

[BeMoreMike]

Cheers 

I've also just seen the "Membership" button staring me in the face on the new site which links everything to the old site securely.

[Ben T]

What adverse activity could anyone do by hacking your aukweb account - and why would they want to? (Genuine question - I'm not implying security isn't necessary.)

[Kim]

What adverse activity could anyone do by hacking your aukweb account - and why would they want to? (Genuine question - I'm not implying security isn't necessary.)

Main risk is if you've used the same password elsewhere, but I suppose they could sign you up to the Foosty Ferret 400 or whatever, and then you'd have to ride it.

[Phil W]

Since they will have paid for the entry, not a bad deal.

[Frank9755]

What adverse activity could anyone do by hacking your aukweb account - and why would they want to? (Genuine question - I'm not implying security isn't necessary.)

Main risk is if you've used the same password elsewhere, but I suppose they could sign you up to the Foosty Ferret 400 or whatever, and then you'd have to ride it.

That was my first thought, but also they could make lots of offensive posts on the auk forum in your name. Actually, maybe that happens already...

[BeMoreMike]

What adverse activity could anyone do by hacking your aukweb account - and why would they want to? (Genuine question - I'm not implying security isn't necessary.)

Genuine answer...i don't know, i'm not completely clued about theses things. I certainty don't know anyway near as much as people who hack accounts.

Aukweb holds my name, address, dob, email and name & phone number of spouse; I believe that's enough for identity theft? It also links to my PayPal which in turn is linked to my main bank account, and as has been already mentioned, some people might use similar passwords across different sites. They're my concerns.

I've been trying to use the new site by default, i can understand the state of limbo we're currently in while services are being migrated from the old site, but if there's security risks with those links then maybe aukweb needs to be killed off sooner rather than later.

[frankly frankie]

It doesn't hold your DoB, and it doesn't link to your PayPal.  And your email and emergency contact info are optional, not required - you are free to delete (or falsify) them.

Currently, every time you log in to the new site some of your personal data is being requested from the old site and transmitted between sites.  But yes, the new site is now the 'official' address.