Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Username used for posts is a security vulnerability

VPRide
over 11 years ago
I think its a bad idea using the Garmin username as the posters name on the forum instead of the Garmin display name or some other configurable name for postings. Using the users username or even worse the users email address gives hackers an attack vector into your Garmin account. I have tried to find a way to change this but other than creating another account just for posting there does not seem to be a way to change what is used as my posting name on the forums.

This may not be the best place to post this so suggestion welcome. Also if I have missed something and there is a way to configure my posting name then please let me know.

Most other forums allow you to do this and I think this is an important security flaw in the Garmin system.

This might seem a bit paranoid but given that a hacker gaining access to your account can track your movements, work out your training schedule and potentially locate your home I think its pretty serious.
  • Former Member
    0 Former Member over 10 years ago
    Yes, this concerns me a great deal. I've requested to have my forum name changed and am hoping it will happen soon.

    Already I see junk posts and spam on the forum.

    I don't believe I've ever seen a forum that automatically uses people's e-mail addresses as forum names. Really bad idea.
  • 0 over 10 years ago
    I am glad you agree. Your situation is slightly worse than mine as you somehow have your email address displayed rather than simply your user name, I wonder if this is because you used your email address as your user name too? Either way, if your chosen display name was used instead as per the Garmin connect website the problem will be solved. I emailed Garmin but they simply misunderstood the issue so I replied explaining again but I have not had a response as yet.
  • 0 over 10 years ago
    SUSSAMB, thanks for you reply but this does not solve the issue, the issue as far as I see it is that the forum should show your display name and NOT your username as your username can be used to gain access to your account. I think your username should be private at all times which presumably is the point of having a display name. I set my display name to be different from both my email address and my username just for this reason and Garmin connect correctly shows my display name but the Garmin forum shows my username.
  • 0 over 10 years ago
    Well I think every other forum I belong to uses my log in/user name as my display name so I really don't see why you expect this forum to be any different. I do though wish there was an easier way for folks to change their 'sign-in user name' as described in the FAQ but there isn't.
  • 0 over 10 years ago
    SUSSAMB, I'm not sure thats true but to be honest I have not considered that before so you may well be right for some or even the majority of forums. Strava community forum for example uses your display name which is exactly what I would expect and want. I may be sounding a bit picky but in this instance what I am most concerned about is Garmin Connect holds some very valuable information about its users, particularly the routes they travel so any one gaining access to your account can learn a lot about you. In addition I think Garmin should introduce privacy zones too, until that point I will not be using Garmin's segments and all my rides will be private, unlike on Strava.
  • 0 over 10 years ago
    I don't want to be picky but it IS true for the forums I belong to, as I've already stated. However I accept that not ALL forums may work that way :)

    I have nothing to do with Connect, but if you have concerns about the way this forum works your best bet is to PM the admin who wrote the FAQ.

    I've also sent you a PM.
  • Former Member
    0 Former Member over 10 years ago
    I sent a PM to the forum admin and got my forum name changed.
  • Former Member
    0 Former Member over 10 years ago
    How do you pm the forum admin? . .. I regret my user name- do not know what I was thinking but cringe at the thought of it. Would at least like to change my forum name to something else!
  • 0 over 10 years ago
    Read the link posted above in post #4, it explains how.