• State Not Answered
  • Replies 1 reply
  • Subscribers 0 subscribers
  • Views 1242 views
  • Users 0 members are here
Options
Related

Qustionable password security when sharing with MapShare

Former Member
Former Member over 7 years ago
I noticed that when editing shared maps, the password is shown. This leads me to believe that the password is not stored in a secured fashion. Password should not be able to be decrypted, let alone shown on a webpage. This makes me question other passwords that Garmin stores.

If you use a common passwords people (you should not), I suggest you change all Garmin passwords until someone responds. As you may be aware, there has been many major website compromised releasing username/passwords in recent times.
  • Former Member
    0 Former Member over 7 years ago
    I think this is by design. If you send MapShare link from your InReach device (or, for that matter, from web), the email/SMS will include the password. Which is presumably what you want - if you're sending MapShare to somebody, especially from something like InReach Mini, you don't want to be typing password on the device itself. Sure, you could (should) communicate the password in advance but if you forget, or the other party does, and you are in the middle of the woods, and your password is 20 character cryptographically strong password, good luck. Don't forget to watch out for bears while you're typing the message. ;-)

    You should never ever use valuable password for things like MapShare. The password here serves just as an extra protection, so somebody who just randomly guesses your MapShare id cannot access your map. I wouldn't also treat MapShare page as completely secure - since the password gets sent out in email, it can be intercepted.

    Oh and yes, I certainly hope that our personal passwords are not stored in clear text - if it turns out they are, that would be a huge security blunder on Garmin side. But my point here is, MapShare is a special case. As for other passwords, you're always kind of trusting the security of the company that you use the password for. If you want to be safe, do what you said, and what security experts recommend and never reuse passwords. At least for the sites that matter. It's a good policy in general. And just a reminder, that you really never know how safe their system is. If you find out, you usually wish you haven't.