The mobile Access option of my MyBookLive creates a 12 DIGIT huh? code which expires in 48 hours. According to http://www.howsecureismypassword.net/ This code would take 4 minutes for a desktop PC to crack. When downloading the app, all that is required is the code and I have full access to the files.
This is a MAJOR security flaw. All I have to do is run a script that is constantly pinging your server with every different combination of 12 digits, and I’ll have access to anyone who adds mobile access.
Can you guys please comment on this issue and immediately look to a solution that incorporates letters, and/or a symbol to make your product secure and not open everyone up to having all of their files stolen.
I do see that the codes are one time use, so that makes me feel safe about my data, but this means someone would have to immediately use their code to avoid being hacked.
