Ares wrote:
For instance, say someone logged into MFN on a public terminal, or lost their mobile device, and failed to log-off, then anyone who subsequently had access to it could view their password. In itself this isn't all that bad, since there's limited mischief to be caused on a football management site.
well i known of people who played another game where on facebook they forget to log off and a person (not sure who) decided to sell every player (WGT Baseball) and sell most of their cars they had (Cartown).
And to be quite frank when something like that happens where someone sells everything or close to everything it becomes a mess with the person telling the game company then the game company cant do anything because they are not sure if that person did it or someone else did.
Now if you add that equation into MFN lets say someone forget to log off and could see all the teams that person has where they could ABANDON every single one or trade/cut every player on those teams to be honest it would be a nightmare to JDB to having to deal with that issue.
so i have to agree with you on your statement.
Ares wrote:
However, many people inadvisably re-use the same passwords across multiple sites, which could allow someone to then force access to more sensitive accounts.
actually thats why the so called experts tell you to make sure to use a different password for all your sites and even use a different username for all your sites.