Trillian Basic 3 - Fake password security
Posted on January 10, 2007, under Security.
For awhile now, I’ve used the Trillian Basic instant messaging client, since I have contacts on Yahoo, MSN/Live, and AIM. There have been times when entering the startup password for Trillian, I thought - “Ooops, I fat-fingered that”, only to have Trillian continue to log in. I would shrug and move on, thinking I must have typed it correctly. Yesterday, I was logging into Trillian, and knew that I fat-fingered the password - and Trillian logged in! No errors! Hrmm.. So I did a couple tests:
- I used a completely bogus password - Trillian started right up.
- I tried no password, and yep, Trillian logged right in, no problems.
So the password prompt in Trillian is useless for security as far as I am concerned. This makes me highly question my continued use of Trillian. Does anyone else notice this with their install of Trillian? I’m using Trillian Basic 3.1 (build 121). In the meantime, I’m thankful I have Trillian and its data saved in a TrueCrypt encrypted volume. That still retains some of the security I was assuming was there in the first place.
4 Replies to "Trillian Basic 3 - Fake password security"
jodi on January 19, 2007
That is kind of scary and strange. Thanks for checking that out.
amber on April 3, 2007
Check out http://www.koolim.com.
John on January 13, 2007
Interesting. I stopped using long ago, but I had been thinking about starting again, because of some of the shoddy/sneaky things Yahoo has been doing.