Arimaa Forum (http://arimaa.com/arimaa/forum/cgi/YaBB.cgi)
Arimaa >> Site Discussion >> Plaintext Password Storage?
(Message started by: restcoser on Aug 19th, 2014, 7:09am)

Title: Plaintext Password Storage?
Post by restcoser on Aug 19th, 2014, 7:09am
When I accidentially pressed the "forgot password" button instead of login, I got the password mailed back in plaintext...

I'm not sure if this issue has been brought up before, but I just wanted to open this thread to make people aware of this threat.

If I get my password mailed back in plaintext it means that either the password is stored in plaintext or encoded in such a way the site can decode it easily.

This is not an issue when the password has been randomly generated (I use a password manager), but there are many people that actually use one password on multiple sites.

Title: Re: Plaintext Password Storage?
Post by Fritzlein on Aug 20th, 2014, 8:48am
I'll bet a nickel passwords are stored in plaintext.  Nobody should use a password for arimaa.com that they use anywhere else.

Title: Re: Plaintext Password Storage?
Post by Kushiel on Sep 15th, 2014, 11:35am
I'd strongly recommend warning users when they create an account/change their password that their password will be stored in an unsecure manner.

I'm glad I saw this before I created my account, but hoping users find this thread is an unreliable method for letting them know you're handling their sensitive data in a poor manner.



Arimaa Forum » Powered by YaBB 1 Gold - SP 1.3.1!
YaBB 2000-2003. All Rights Reserved.