Larion Studios forum stores your passwords in unhashed plaintext. Don’t use a password there that you’ve used anywhere else.

You are viewing a single thread.
View all comments View context
14 points

Would you accept “in a way that can be reversed”?

permalink
report
parent
reply
2 points

It’s possible that this email is a result of forum user creation, so during that submission the plaintext password was available to send to the user. Then it would be hashed and stored.

permalink
report
parent
reply
1 point

I don’t know why you’d give them any benefit of the doubt. They should have already killed that with this terrible security practice.

But yeah, sure, maybe this one giant, extremely visible lapse in security is the only one they have.

permalink
report
parent
reply
-1 points

I’m just explaining how user authentication works for most web applications. The server will process your plaintext password when your account is created. It should then store that as a hashed string, but it can ALSO send out an email with that plaintext password to the user describing their account creation. This post does not identify that passwords are stored in plaintext, it just identifies that they email plaintext passwords which is poor security practice.

permalink
report
parent
reply

Games

!games@lemmy.world

Create post

Welcome to the largest gaming community on Lemmy! Discussion for all kinds of games. Video games, tabletop games, card games etc.

Weekly Threads:

What Are You Playing?

The Weekly Discussion Topic

Rules:

  1. Submissions have to be related to games

  2. No bigotry or harassment, be civil

  3. No excessive self-promotion

  4. Stay on-topic; no memes, funny videos, giveaways, reposts, or low-effort posts

  5. Mark Spoilers and NSFW

  6. No linking to piracy

More information about the community rules can be found here.

Community stats

  • 8.8K

    Monthly active users

  • 4.3K

    Posts

  • 89K

    Comments