Post by Iain - Orca on Mar 20, 2018 14:59:52 GMT
Anyone else having problems logging in? I just get a blank screen with the words "other-error works!"

Sorted now - just a hiccup with my initial funding.

Thanks for your patience and cooperation in getting this resolved. This shouldn't be an issue moving forwards. We completely understand the inconvenience caused by technical issues, and will always prioritise even the smallest of issues. We are in the early phase of launch, and so are ironing out teething issues. Our priority is to ensure a quality experience for clients, and we will continuously endeavour to deliver this.

Iain
Post by jmk on Mar 21, 2018 22:36:56 GMT
Hi, I'm the lead developer at Orca. We are neither incompetent nor leaking data. ... The reason you cannot log in with your old Orca Analytics details is because we don't have access to your old passwords (for security) and so were unable to migrate accounts across. We take our customers' security very seriously. Feel free to ask if any further questions.

Be cautious of businesses that use the vague reason "for security", without any valid explanation! A business shouldn't have access to users' original unencrypted passwords, however, this shouldn't prevent account migration! If password storage is done correctly, then secure one-way password "hashes" would be stored (rather than unencrypted passwords in plain text). These one-way "hashes" can easily be migrated across - no access to the original passwords themselves is needed in order to migrate password hashes. Even if the hashing algorithm has changed, this shouldn't prevent account migration - a server should simply authenticate using the previous hashing algorithm, and if it passes, then re-hash the password the user's entered using the new hashing algorithm, and store this new hash. The ONLY valid reason for not migrating passwords across would be if the original password restrictions were lax - i.e. if single character passwords were allowed. In which case, forcing users to choose new, secure, passwords would be the only valid "for security" reason as to why existing accounts couldn't be migrated. So if a business says they can't migrate "old passwords" "for security" - there's no technical reason why they can't, but it's more likely to be that their original password policy was not up to scratch!

Hi there. So, our technology is .NET based, and for the original authentication process (for the Analytics product), we used the ServiceStack framework - servicestack.net. ServiceStack is open source and well vetted, and absolutely secures passwords.

For the new Investment product, we decided to use Auth0 instead - https://auth0.com. Auth0 is used globally, by a number of major companies, you can see a long list of their customers here, we chose them because they provide a range of benefits out of the box, such as logging and tracking. These things are important for things like regulation, which we didn't get from ServiceStack, and we didn't need at the time, because our users were simply logging in to view data.

When you say:

> The ONLY valid reason for not migrating passwords across would be if the original password restrictions were lax

That is simply false. We didn't migrate passwords across because we don't have them, so that would be impossible. Again, we genuinely do take customer security very seriously, and I'm happy to answer any further questions.

John
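The rehash-on-login migration described in the thread above, sketched as an added example that is not part of any poster's message and is not Orca's, ServiceStack's or Auth0's code. The scheme names, PBKDF2 parameters and the `scheme$salt$digest` storage format are assumptions constructed for illustration, and it presumes the new system can store and verify the old hash format.

```python
import hashlib
import hmac
import os

# Constructed scheme table: name -> (PBKDF2 digest, iterations). Illustrative values.
SCHEMES = {"legacy": ("sha1", 1_000), "current": ("sha256", 600_000)}
CURRENT = "current"

def make_hash(password, scheme=CURRENT, salt=None):
    """Return 'scheme$salt_hex$digest_hex', the only thing the store ever holds."""
    digest, iterations = SCHEMES[scheme]
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac(digest, password.encode(), salt, iterations)
    return f"{scheme}${salt.hex()}${dk.hex()}"

def verify(password, stored):
    """Recompute the hash with the scheme and salt recorded in the stored value."""
    try:
        scheme, salt_hex, _ = stored.split("$")
        salt = bytes.fromhex(salt_hex)
    except ValueError:
        return False  # malformed record
    if scheme not in SCHEMES:
        return False
    return hmac.compare_digest(make_hash(password, scheme, salt), stored)

def migrate(old_store):
    """Account migration: hashes are copied verbatim, no plaintext is involved."""
    return dict(old_store)

def login(store, user, password):
    """Authenticate; after a successful legacy check, upgrade the stored hash."""
    stored = store.get(user)
    if stored is None or not verify(password, stored):
        return False
    if not stored.startswith(CURRENT + "$"):
        # The plaintext exists only for the duration of this request,
        # so this is the one moment the hash can be upgraded.
        store[user] = make_hash(password)
    return True

if __name__ == "__main__":
    # Constructed sample account in the old system.
    old = {"alice": make_hash("correct horse", "legacy")}
    new = migrate(old)
    print(login(new, "alice", "correct horse"), new["alice"].split("$")[0])
```

Accounts that never log in again keep their legacy hash, so a real migration also needs a policy for those records, such as expiring them or forcing a reset after a cut-off date.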