Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
duckWit56166yI bet they used your new password that you typed to hash it in the db with a salt, and then simultaneously shot the new one off to your email while it was still in memory. If I'm right, "encrypted" is the wrong word to use here, as the hash is irreversible.
Either way, very stupid and shame on them. -
There is no difference then sending a one time url or a one time password over sms. A one time password should not have issues.
-
They already are on plaintextoffenders.com, I suggest you get one of the browser-addons that rely on this list.
-
ng190528486yWell, sending plain passwords is dumb, but I scroll through mail server logs every day and there's no such thing like logging the *content* of the mail
-
JS96184546y@Codex404 this isn’t a one time password. They send it to you every time you change it.
-
JS96184546y@ng1905 ok then, but emails aren’t a secure transmission system, they shouldn’t be use to send this kind of information
Related Rants
You, stupid fucking game, have just sent me my new password in plain text via email?
"the password is encrypted and cannot be sent again"???
So… you send the password in plain text, and only then encrypt it, right?
But it's still in plain text in your email logs, fucking bastards.
rant
fucking game
plain text
password