1. Do you have an old account but can't access it?


    See Accessing your GIRS Account or Contact Us - We are here to help!

Addon Notice Tapatalk

Discussion in 'Website Items, Issues & Feedback' started by Bud, Apr 26, 2015.

  1. Bud Loves Bacon Website Team Board of Directors Leadership Team GIRS Member Vendor

    West Des Moines, IA
    Ratings:
    +1,814 / 14 / -0
    I will be installing Tapatalk soon. I am going to hold off until the DNS settings have propagated fully and the site is working normally via the URL, and I also need to test a few things out.

    Tapatalk recently updated their addon, and things went haywire. They don't have a very good track record of testing things after they make changes. So I'm going to be testing out the latest version on my site first to make sure it's working properly.

    In the meantime, mobile users will need to go to the site via browser. I think you'll find that Xenforo works pretty well on mobile :)
     
  2. Bud Loves Bacon Website Team Board of Directors Leadership Team GIRS Member Vendor

    West Des Moines, IA
    Ratings:
    +1,814 / 14 / -0
    Posted from Tapatalk!

    Tapatalk users need to delete GIRS from your mobile device, then search for "GIRS" or "Girs". For some reason, searching for "Greater Iowa reef society" didn't find it. Maybe I didn't wait long enough after adding it. Whatever, it works
     
  3. Bud Loves Bacon Website Team Board of Directors Leadership Team GIRS Member Vendor

    West Des Moines, IA
    Ratings:
    +1,814 / 14 / -0
    I just learned that Tapatalk, the shoddily written addon as it is, has now been shown to be sending password over the interwebz at a level of encryption that "a novice hacker" could exploit.

    https://support.tapatalk.com/threads/tapatalk-sends-unencrypted-passwords-over-the-web.31541/

    My recommendation at this point is that if you use Tapatalk, make sure that your password is unique enough that one wouldn't be able to use it to guess your password on another site that you really care about, like your bank account, credit card, etc.

    I personally use a random password filled with special characters, a different one for everything.

    This security hole is kind of the tipping point for me. They might as well be sending clear-text passwords, it is apparently so easy to decrypt them.

    I don't think many people on here use tapatalk (as of right now, 38 users) and since XF has a good mobile interface, I'm very seriously considering removing it.
     
  4. wouldtick Well-Known ReefKeeper

    381
    waukee
    Ratings:
    +85 / 3 / -0
    I love the app but understand if you remove it. But have a totally separate password.
     
    Last edited by a moderator: Oct 24, 2015
  5. Armydog

    Armydog Expert Reefkeeper

    Ratings:
    +738 / 8 / -0
    I completely changed my password on Tapatalk thanks for the info. I will probably change it once a month now
     
  6. Bud Loves Bacon Website Team Board of Directors Leadership Team GIRS Member Vendor

    West Des Moines, IA
    Ratings:
    +1,814 / 14 / -0
    As it turns out this is actually not an issue that is unique to Tapatalk. Just about any website that requires a password or any other type of personal information will send this information in clear text or at best weakly encrypted.

    The solution is to use an SSL certificate and force HTTPS. Which I have done here, as well as any other site I've ran for quite a while. This results in only encrypted information passing between the user and the server hosting the site. So this isn't as big of a deal as it was made out to me, and not specific to Tapatalk. Which kind of irks me that this guy brought it up this way on TAZ

    https://theadminzone.com/threads/tapatalk-sends-unencrypted-passwords-over-the-web.135833/

    However, Tapatalk does (apparently) store unencrypted passwords on the user's mobile device. So while the transmission of that password is encrypted, the password itself on the device may not be. So this means that if someone steals your phone, they might easily be able to obtain all your passwords depending on how they were stored by the individual app.

    I inquired as to how difficult this is to implement (encrypted passwords) and how common it is, because I'm curious now about all my passwords on my phone!

    So at the moment, it appears that Tapatalk will stick around but I'm watching this one pretty closely just to make sure. I find it useful as well, but the developers do not have a very good history of good coding practice.
     
  7. wouldtick Well-Known ReefKeeper

    381
    waukee
    Ratings:
    +85 / 3 / -0
    Thanks for staying on top of this
     
    Last edited by a moderator: Oct 24, 2015
  8. Bud Loves Bacon Website Team Board of Directors Leadership Team GIRS Member Vendor

    West Des Moines, IA
    Ratings:
    +1,814 / 14 / -0
    @mrelaz@mrelaz
     
  9. mrelaz

    137
    Waterloo, IA
    Ratings:
    +20 / 0 / -0
    Thanks. Got it now.


    Sent from my iPhone via App
     

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.