Larion Studios forum stores your passwords in unhashed plaintext. Don’t use a password there that you’ve used anywhere else.

You are viewing a single thread.
View all comments
36 points
*

While sending your password in plaintext over email is very much a bad idea and a very bad practice, it doesn’t mean they store your password in their database as plaintext.

permalink
report
reply
31 points

Encrypted passwords are still an unacceptable way to store passwords. They should be hashed.

permalink
report
parent
reply
15 points

(and salted before hashing.)

permalink
report
parent
reply
11 points

And marinated in butter milk.

permalink
report
parent
reply
8 points

Just because they send out the password does not mean it’s not hashed. They could send the email before hashing.

permalink
report
parent
reply
5 points

You’re correct and after reading more of the thread I saw OP say this was sent immediately after registering. I don’t have reason to believe it is stirred in plaintext unless they’re storing s copy of every email they send.

permalink
report
parent
reply
1 point
Deleted by creator
permalink
report
parent
reply
14 points

Would you accept “in a way that can be reversed”?

permalink
report
parent
reply
2 points

It’s possible that this email is a result of forum user creation, so during that submission the plaintext password was available to send to the user. Then it would be hashed and stored.

permalink
report
parent
reply
1 point

I don’t know why you’d give them any benefit of the doubt. They should have already killed that with this terrible security practice.

But yeah, sure, maybe this one giant, extremely visible lapse in security is the only one they have.

permalink
report
parent
reply
-1 points

Passwords shouldn’t be stored at all though 🤷‍♂️

permalink
report
parent
reply
12 points

You mean plaintext passwords right? Ofcourse then need to store your (hashed)password!

permalink
report
parent
reply
10 points

The hash is not the password.

permalink
report
parent
reply
3 points

If they stored the hashed password this thread wouldn’t exist.

permalink
report
parent
reply
2 points

Point is, a hash isn’t a password. giving the most you don’t need tech knowledge analogy, it’s like the passwords fingerprint.

The police station may keep your daughters fingerprint so that if they find a lost child they can recognize it is your daughter beyond any doubt. Your daughters fingerprints, is like a hash, your daughter is a password.

The police should not store your daughter… that’s bad practice. The fingerprints are all they should store, and needless to say the fingerprints aren’t your daughter, just as a hash isn’t a password.

permalink
report
parent
reply

Games

!games@lemmy.world

Create post

Welcome to the largest gaming community on Lemmy! Discussion for all kinds of games. Video games, tabletop games, card games etc.

Weekly Threads:

What Are You Playing?

The Weekly Discussion Topic

Rules:

  1. Submissions have to be related to games

  2. No bigotry or harassment, be civil

  3. No excessive self-promotion

  4. Stay on-topic; no memes, funny videos, giveaways, reposts, or low-effort posts

  5. Mark Spoilers and NSFW

  6. No linking to piracy

More information about the community rules can be found here.

Community stats

  • 8.8K

    Monthly active users

  • 4.4K

    Posts

  • 92K

    Comments