Larion Studios forum stores your passwords in unhashed plaintext. Don’t use a password there that you’ve used anywhere else.
While sending your password in plaintext over email is very much a bad idea and a very bad practice, it doesn’t mean they store your password in their database as plaintext.
Encrypted passwords are still an unacceptable way to store passwords. They should be hashed.
Just because they send out the password does not mean it’s not hashed. They could send the email before hashing.
It’s possible that this email is a result of forum user creation, so during that submission the plaintext password was available to send to the user. Then it would be hashed and stored.
I don’t know why you’d give them any benefit of the doubt. They should have already killed that with this terrible security practice.
But yeah, sure, maybe this one giant, extremely visible lapse in security is the only one they have.
You mean plaintext passwords right? Ofcourse then need to store your (hashed)password!
Point is, a hash isn’t a password. giving the most you don’t need tech knowledge analogy, it’s like the passwords fingerprint.
The police station may keep your daughters fingerprint so that if they find a lost child they can recognize it is your daughter beyond any doubt. Your daughters fingerprints, is like a hash, your daughter is a password.
The police should not store your daughter… that’s bad practice. The fingerprints are all they should store, and needless to say the fingerprints aren’t your daughter, just as a hash isn’t a password.
