Cabrio@lemmy.worldcake to Games@lemmy.worldEnglish · 9 months agoLarion Studios forum stores your passwords in unhashed plaintext.lemmy.worldimagemessage-square217fedilinkarrow-up1476arrow-down1153file-text
arrow-up1323arrow-down1imageLarion Studios forum stores your passwords in unhashed plaintext.lemmy.worldCabrio@lemmy.worldcake to Games@lemmy.worldEnglish · 9 months agomessage-square217fedilinkfile-text
Larion Studios forum stores your passwords in unhashed plaintext. Don’t use a password there that you’ve used anywhere else.
minus-squaredarkkite@lemmy.mllinkfedilinkEnglisharrow-up19arrow-down8·9 months agothis is still a terrible idea. the system should never know the plaintext password. logs capture a lot even automated emails. i don’t see a single reason to send the user their plaintext password and many reasons why they shouldn’t
minus-squarevoxel@sopuli.xyzlinkfedilinkEnglisharrow-up3arrow-down1·edit-29 months agopasswords are usually hashed server-side tho and that’s done for a reason. if handling passwords correctly, server side hashing is way more secure then client-side. (with client side hashing, hash becomes the password…)
this is still a terrible idea. the system should never know the plaintext password.
logs capture a lot even automated emails. i don’t see a single reason to send the user their plaintext password and many reasons why they shouldn’t
passwords are usually hashed server-side tho and that’s done for a reason.
if handling passwords correctly, server side hashing is way more secure then client-side. (with client side hashing, hash becomes the password…)