Alipay responds to the "acquaintance login" security vulnerability

January 12, 2017 20:31:37

Recently, a netizen revealed that Alipay has a critical new vulnerability: a stranger has a 1/5 chance of logging in to your Alipay account, while an acquaintance can log in 100% of the time, and can even change the password using only the mobile phone number, without the original password. The article originates from the fallen fish- https://www.duoluodeyu.com/2392.html

According to netizens, the principle is as follows: log in with the mobile phone account - forgot password - the mobile phone is not at hand - choose, from nine pictures, the item bought on Taobao - choose, from nine pictures, the friend (friend verification) - the login is successful. At this point, one can scan a QR code and pay directly without a password.

The specific steps are as follows:

1. Open the Alipay login interface, enter the account number and click Forgot Password;

2. After entering the account number, click the "cannot receive SMS" option directly;

3. Several verification methods are offered. Choose one you can answer, such as acquaintance verification, and pick the friend information you know;

4. Change the password. Because the original password is "forgotten", it is changed directly.

After the change, you can log in to the account directly, with all functions available, including password-free payment.

In response, Alipay officials said that this method only works under specific circumstances, and that once a user's Alipay account is logged in on another device, the user's own device receives a notification reminder.

In addition, Alipay said that after receiving feedback from netizens this morning, it further raised the security level of its risk control system. At present, a user can retrieve the login password by identifying recently purchased goods and friends only on the user's own mobile phone. This method cannot be used on other mobile devices to retrieve the login password.

The following is the full text of Alipay's response:

We received feedback from netizens that the Alipay login password can be retrieved by identifying friends and recent purchases.

This approach only works in specific cases. Generally, users need to enter at least an SMS verification code to retrieve their login password. For some users who cannot receive SMS messages or have temporarily changed mobile devices, our risk control system will first perform an evaluation (of factors such as account information integrity and network environment). When the security factor is high, the user is allowed to answer a series of security questions. The login password can be changed only after the answers are correct.

This policy can only retrieve the login password; the payment password cannot be retrieved only by answering security questions. And once the user's Alipay account is logged in on another device, the user's own device will receive a notification reminder.

In order to better enhance users' sense of security, we have further improved the security level of the risk control system after receiving feedback from netizens. At present, only on the user's own mobile phone can the user retrieve the login password by identifying recently purchased goods and his/her friends. This method cannot be applied on other mobile devices to retrieve the login password.

We also welcome users to continue to make comments and suggestions on our security policy, and we will further improve and revise it according to your feedback.
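As an added illustration (not Alipay's code and not part of the original article), the recovery policy described in the statement above can be sketched as a decision function: SMS code by default, the security-question fallback only on the user's own device after a risk evaluation, and only for the login password. The field names, device IDs, risk scale and threshold are assumptions.

```python
from dataclasses import dataclass

ALLOW, NEED_SMS, DENY = "allow_login_password_reset", "require_sms_code", "deny"

# Constructed sample data: devices already bound to each account.
KNOWN_DEVICES = {"alice": {"phone-A1", "tablet-A2"}}
RISK_THRESHOLD = 0.3  # assumed cut-off on a hypothetical 0.0 (safe) .. 1.0 scale


@dataclass(frozen=True)
class RecoveryRequest:
    account: str
    device_id: str
    target: str              # "login_password" or "payment_password"
    sms_code_verified: bool  # default path: SMS verification code
    questions_correct: bool  # purchased-goods / friend identification
    risk_score: float        # output of the risk evaluation (assumed)


def decide(req):
    """Return (decision, reason) for one password-recovery request."""
    if req.target != "login_password":
        return DENY, "this flow only resets the login password"
    if req.sms_code_verified:
        return ALLOW, "SMS verification code confirmed"
    # Fallback for users who cannot receive SMS: security questions.
    if req.device_id not in KNOWN_DEVICES.get(req.account, set()):
        return NEED_SMS, "question fallback is limited to the user's own device"
    if req.risk_score > RISK_THRESHOLD:
        return NEED_SMS, "risk evaluation did not pass"
    if not req.questions_correct:
        return DENY, "security questions answered incorrectly"
    return ALLOW, "own device, low risk, questions answered correctly"


def devices_to_notify(account, login_device):
    """Bound devices that get a reminder when another device logs in."""
    return sorted(KNOWN_DEVICES.get(account, set()) - {login_device})


if __name__ == "__main__":
    # Constructed requests: same correct answers, different devices.
    for dev in ("phone-A1", "phone-X9"):
        req = RecoveryRequest("alice", dev, "login_password", False, True, 0.1)
        print(dev, *decide(req))
    print(devices_to_notify("alice", "phone-X9"))
```

With correct answers from an unbound device, the decision falls back to requiring the SMS code, which is the change the statement describes.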
