Any.do. An elegant task list manager for phone, tablet, etc but I dumped it as a security risk

anydo

Astrid used to be my list manager of choice but then, when it closed down, I moved over to Any.do. I had some irritations with it but it all came to a head when I tried to change my password.

After the security breach at Adobe I decided to see if any of my passwords could do with being updated using the LastPass password creator. I changed passwords on a few sites and then came to Any.do to change it there.

Try as I might I could not find any way to change the password. I Googled, I searched the app settings – nothing. There is no “change password” option in the app’s settings. So there is no obvious way to change your password.

I emailed Any.do and got a swift reply telling me I could change my password through the app in settings. I could not! I emailed again with the full list of the options in ‘settings’ showing that a password change was not one of them.

Another reply came telling me to click on the “Forgot Password” feature on the log in page and follow through the prompts as if you forgot your password. Ah, I thought, you mean on a desktop, in a browser? To do it that way you have to have the Any.do Chrome extension installed. I had been trying to do all this my phone where most of my Any.do usage takes place. I followed those instructions by going on to the desktop, logging out of the Chrome extension, then instead of logging in again I entered my email address and clicked the ‘forgot password button’. Any.do sent me a ‘rest password’ link and I finally succeeded.

It was when I was searching for that information that I can across the mention that Any.Do transmits Passwords in plaintext. Link to the site here.

YIKES!

The site went on to say: Some of you may be interested to know that the Task Management and TODO-list Application, Any.Do, happily transmits your password and just about everything else in plaintext.

Why is that a problem? Any.do can be linked to contacts in Gmail. It can also have access to browser tabs, etc. A security weakness like that compromises the whole machine.

Wlist_icon

Wunderlist

I have moved over to Wunderlist.

Some day I may be tempted to go minimalist and retro with plain text. Now there are apps to manage a plain text todo such as Todo.txt for Android and iPhone, or for my Ubuntu desktop there is Day Tasks.

2 thoughts on “Any.do. An elegant task list manager for phone, tablet, etc but I dumped it as a security risk

  1. Thanks for posting this! I was trying to figure out how to change my Any.do password in the wake of Heartbleed, but this is making me question whether or not I should use the service at all.

  2. Hi. In Any.do faqs, now you can see the solution about the first question:
    To sign out, tap the three dots icon, press sync and then select sign out.
    Bye

Leave a Reply

Your email address will not be published. Required fields are marked *