Security issue: no encryption for password reset emails

A password reset email contains a link without https. That’s very bad for security as anyone on the same LAN as you is theoretically able to intercept it and gain access to your account.

Example: http://devtalk.nvidia.com/account/set-password/XXXXXXXX/XXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXX/

Please fix ASAP.

Hi Artem,

Thanks for pointing this out. I have forwarded this on to the development team.

Best,
Tom

Hi Artem,

We made the change to HTTPS, and pushed this to production. All is good now.

Thanks,
Tom

For some reasons “Accept as answer” is not available for this subforum, so I cannot mark my own threads here fixed. That’s a bug.

Hi Artem,

That is a forum setting, I just enabled the feature. You should now be able to “Accept as Answer”.

Thanks,
Tom

Hello @TomK… I in boxed you a question in private chat. Please respond. Thanks in advance

Hi xtrmepcgamer,

I replied a few moments back. Please check your inbox.

Best,
Tom

@TomK Thank you. I will check now.