Arimaa Forum (http://arimaa.com/arimaa/forum/cgi/YaBB.cgi)
(Message started by: restcoser on Aug 19th, 2014, 7:09am)

Title: Plaintext Password Storage?
Post by restcoser on Aug 19th, 2014, 7:09am
When I accidentally pressed the "forgot password" button instead of login, I got the password mailed back in plaintext...

I'm not sure if this issue has been brought up before, but I just wanted to open this thread to make people aware of this threat.

If I get my password mailed back in plaintext it means that either the password is stored in plaintext or encoded in such a way the site can decode it easily.

This is not an issue when the password has been randomly generated (I use a password manager), but there are many people that actually use one password on multiple sites.
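
The alternative to the behaviour described in the post above, as an added example that is not part of the thread and is not arimaa.com's code: passwords are stored only as salted scrypt hashes, so "forgot password" can mail nothing but a one-time reset token. The `users` table, the function names, the scrypt parameters and the token lifetime are assumptions made for this sketch.

```python
import hashlib, hmac, secrets, time

SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)  # assumed work factors for this sketch
RESET_TTL = 15 * 60                         # assumed token lifetime in seconds
users = {}  # hypothetical in-memory user table: name -> salt, hash, reset

def _derive(password, salt):
    # Salted, memory-hard, one-way: the site cannot turn this back into the password.
    return hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)

def _token_digest(token):
    return hashlib.sha256(token.encode()).digest()

def register(name, password):
    salt = secrets.token_bytes(16)
    users[name] = {"salt": salt, "hash": _derive(password, salt), "reset": None}

def login(name, password):
    u = users.get(name)
    if u is None:
        return False
    return hmac.compare_digest(u["hash"], _derive(password, u["salt"]))

def forgot_password(name, now=None):
    """Return a one-time token to e-mail; there is no stored password to send."""
    u = users.get(name)
    if u is None:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    u["reset"] = (_token_digest(token), now + RESET_TTL)  # only the digest is kept
    return token

def reset_password(name, token, new_password, now=None):
    u = users.get(name)
    if u is None or u["reset"] is None:
        return False
    now = time.time() if now is None else now
    digest, expires = u["reset"]
    if now > expires or not hmac.compare_digest(digest, _token_digest(token)):
        return False
    u["salt"] = secrets.token_bytes(16)
    u["hash"] = _derive(new_password, u["salt"])
    u["reset"] = None  # single use
    return True
```

A copy of this user table exposes neither the passwords nor usable reset tokens, which is what limits the damage for people who reuse one password on several sites.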

Title: Re: Plaintext Password Storage?
Post by Fritzlein on Aug 20th, 2014, 8:48am
I'll bet a nickel passwords are stored in plaintext.  Nobody should use a password for arimaa.com that they use anywhere else.

Title: Re: Plaintext Password Storage?
Post by Kushiel on Sep 15th, 2014, 11:35am
I'd strongly recommend warning users when they create an account/change their password that their password will be stored in an unsecure manner.

I'm glad I saw this before I created my account, but hoping users find this thread is an unreliable method for letting them know you're handling their sensitive data in a poor manner.


