Author |
Topic: Plaintext Password Storage? (Read 1235 times) |
|
restcoser
Forum Newbie
Arimaa player #9837
Gender: 
Posts: 1
|
 |
Plaintext Password Storage?
« on: Aug 19th, 2014, 7:09am » |
 Quote  Modify
|
When I accidentially pressed the "forgot password" button instead of login, I got the password mailed back in plaintext...
I'm not sure if this issue has been brought up before, but I just wanted to open this thread to make people aware of this threat.
If I get my password mailed back in plaintext it means that either the password is stored in plaintext or encoded in such a way the site can decode it easily.
This is not an issue when the password has been randomly generated (I use a password manager), but there are many people that actually use one password on multiple sites.
|
|
 IP Logged |
|
|
|
Fritzlein
Forum Guru
Arimaa player #706
Gender:
Posts: 5928
|
|
Re: Plaintext Password Storage?
« Reply #1 on: Aug 20th, 2014, 8:48am » |
Quote Modify
|
I'll bet a nickel passwords are stored in plaintext. Nobody should use a password for arimaa.com that they use anywhere else.
|
|
IP Logged |
|
|
|
Kushiel
Forum Full Member
Arimaa player #9913
Gender:
Posts: 16
|
|
Re: Plaintext Password Storage?
« Reply #2 on: Sep 15th, 2014, 11:35am » |
Quote Modify
|
I'd strongly recommend warning users when they create an account/change their password that their password will be stored in an unsecure manner.
I'm glad I saw this before I created my account, but hoping users find this thread is an unreliable method for letting them know you're handling their sensitive data in a poor manner.
|
|
IP Logged |
|
|
|
|
Home
Help
Search
Members
Login
Register
Reply
Notify of replies
Send Topic
Print