Passwords shouldn’t be stored at all though 🤷♂️
Comment on Larion Studios forum stores your passwords in unhashed plaintext.
inclementimmigrant@lemmy.world 8 months ago
While sending your password in plaintext over email is very much a bad idea and a very bad practice, it doesn’t mean they stole your password in their database as plaintext.
Serdan@lemm.ee 8 months ago
Vlixz@lemmy.world 8 months ago
You mean plaintext passwords right? Ofcourse then need to store your (hashed)password!
Serdan@lemm.ee 8 months ago
The hash is not the password.
Vlixz@lemmy.world 8 months ago
My bad! I just misunderstood ^_^
jmcs@discuss.tchncs.de 8 months ago
If they stored the hashed password this thread wouldn’t exist.
jeeva@lemmy.world 8 months ago
Would you accept “in a way that can be reversed”?
tonkatwuck@lemmynsfw.com 8 months ago
It’s possible that this email is a result of forum user creation, so during that submission the plaintext password was available to send to the user. Then it would be hashed and stored.
Serinus@lemmy.world 8 months ago
I don’t know why you’d give them any benefit of the doubt. They should have already killed that with this terrible security practice.
But yeah, sure, maybe this one giant, extremely visible lapse in security is the only one they have.
tonkatwuck@lemmynsfw.com 8 months ago
I’m just explaining how user authentication works for most web applications. The server will process your plaintext password when your account is created. It should then store that as a hashed string, but it can ALSO send out an email with that plaintext password to the user describing their account creation. This post does not identify that passwords are stored in plaintext, it just identifies that they email plaintext passwords which is poor security practice.