Cabrio@lemmy.world to Games@lemmy.worldEnglish · 2 years agoLarion Studios forum stores your passwords in unhashed plaintext.lemmy.worldimagemessage-square218fedilinkarrow-up1474arrow-down1153file-text
arrow-up1321arrow-down1imageLarion Studios forum stores your passwords in unhashed plaintext.lemmy.worldCabrio@lemmy.world to Games@lemmy.worldEnglish · 2 years agomessage-square218fedilinkfile-text
Larion Studios forum stores your passwords in unhashed plaintext. Don’t use a password there that you’ve used anywhere else.
minus-squaredarkkite@lemmy.mllinkfedilinkEnglisharrow-up19arrow-down8·2 years agothis is still a terrible idea. the system should never know the plaintext password. logs capture a lot even automated emails. i don’t see a single reason to send the user their plaintext password and many reasons why they shouldn’t
minus-squarevoxel@sopuli.xyzlinkfedilinkEnglisharrow-up3arrow-down1·edit-22 years agopasswords are usually hashed server-side tho and that’s done for a reason. if handling passwords correctly, server side hashing is way more secure then client-side. (with client side hashing, hash becomes the password…)
this is still a terrible idea. the system should never know the plaintext password.
logs capture a lot even automated emails. i don’t see a single reason to send the user their plaintext password and many reasons why they shouldn’t
passwords are usually hashed server-side tho and that’s done for a reason.
if handling passwords correctly, server side hashing is way more secure then client-side. (with client side hashing, hash becomes the password…)