@[email protected] to [email protected]English • 9 months agoLarion Studios forum stores your passwords in unhashed plaintext.lemmy.worldimagemessage-square217arrow-up1476arrow-down1153file-text
arrow-up1323arrow-down1imageLarion Studios forum stores your passwords in unhashed plaintext.lemmy.world@[email protected] to [email protected]English • 9 months agomessage-square217file-text
Larion Studios forum stores your passwords in unhashed plaintext. Don’t use a password there that you’ve used anywhere else.
minus-square@[email protected]linkfedilinkEnglish11•9 months agothis is still a terrible idea. the system should never know the plaintext password. logs capture a lot even automated emails. i don’t see a single reason to send the user their plaintext password and many reasons why they shouldn’t
minus-squarevoxellinkfedilinkEnglish2•edit-29 months agopasswords are usually hashed server-side tho and that’s done for a reason. if handling passwords correctly, server side hashing is way more secure then client-side. (with client side hashing, hash becomes the password…)
this is still a terrible idea. the system should never know the plaintext password.
logs capture a lot even automated emails. i don’t see a single reason to send the user their plaintext password and many reasons why they shouldn’t
passwords are usually hashed server-side tho and that’s done for a reason.
if handling passwords correctly, server side hashing is way more secure then client-side. (with client side hashing, hash becomes the password…)