MyPrevx Audit Trail TMI

When I look at the Audit Trail on the MyPrevx site, some entries in the 'Message' column display my sign-in credentials - email and password - in clear text!!

Is this a feature? Can I select a preference somewhere to mask or exclude this information?

 

Are you using the full version Prevx with SafeOnline? If you are, you are protected as it's an HTTPS link and SafeOnline protects your credentials from anyone else from seeing it and also from screen grabbers and keyloggers! I don't worry about it! Only you and Prevx knows who you are and email and License numbers included!

Joe will come by and give his comments also!

HTH,

TH

 

THanks, TH. I know I'm not talking about a triple threat here, but it is an essential security practice, IMHO, never to reveal sign-on credentials unnecessarily. And we are talking about a security product here.

Are these being displayed for a specific purpose? If not, I say ditch that code!

Cheers,
~j~

 

I've forwarded a link to this thread onto our MyPrevx development team for some answers I'm honestly not too familiar with it but they should have a reason for it or will adjust it ASAP!

Thank you for the information

 

We're about to roll this out into a production environment where monitoring/logging are the new mandates. We have high hopes for Prevx, based on what I've read here and elsewhere. Getting a problem or suggestion forwarded ASAP is the kind of response that's going to keep this product in the trenches.

Thank you, PrevxHelp. I haven't taken the time to understand this forum's relationship to the makers of Prevx, or your role among them, but I appreciate my concerns being taken seriously.

As to immunity from screengrabbers and such, as mentioned by Triple Helix, my first thought upon seeing my password displayed was "what if someone is watching over my shoulder?" Or worse, say I'm giving a live demonstration of our Prevx console on a big screen in the conference room and didn't know that my credentials might be on display for all to see.

I hope I made my edit correction before anyone saw my goof; if not, my apologies.

 

We definitely agree - if the changes haven't already been made, I'll be circling back with our MyPrevx development team in the AM to get it fixed

Thanks for your support and let me know if you have any questions with the rollout!

 

Sorry for not having gotten back sooner - the MyPrevx passwords should now be hidden as of yesterday morning

Let me know if you have any other suggestions!

 

I'd rather see the information Google has on us, ever try putting your handle in the Google search bar?


Hogndog