Comments
-
Why? Email is mostly secure (SMTP-TLS), and if you don't trust your email provider with your passwords, then change.
Afraid of getting your email account hacked? Enable 2FA then.
-
@sebastian the problem isn't that your email is insecure. The problem is the implication of your password being stored unencrypted at the site you signed up with
-
Root796418y
@sebastian Even if it's encrypted end-to-end with RSA/PGP keys, it's still storing your credentials on someone else's server(s), and the originator still has access to your unencrypted password. This means, at best, they're using a reversible encryption, and at worst (and most likely) they're storing them in clear text.
Everything about this scenario is very worrying.
-
Report them to plaintextoffenders.com? If they can send you your password, it means their system is incredibly insecure! When their system is breached your password will be available in plain. F*cking basic security! Hash the password with a salt. (I actually don't know how to build that, but that is why I don't build shit like that)
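The salted hashing this comment asks for, as an added example that is not part of the original thread: the site stores only a per-user salt and a derived key, so there is no password to email back. PBKDF2-HMAC-SHA256 and the 600,000 iteration count are assumptions (a memory-hard KDF such as Argon2id or scrypt is also a common choice), and `signup`, `db` and `outbox` are hypothetical names.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune for your hardware


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a storable record: algorithm, cost, per-user salt, derived key."""
    salt = secrets.token_bytes(16)  # fresh random salt for every stored password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive the key from the candidate password and compare in constant time."""
    try:
        algo, iterations, salt_hex, dk_hex = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, int(iterations)
        )
    except ValueError:  # malformed record: wrong field count, bad hex, bad cost
        return False
    return hmac.compare_digest(candidate, expected)


def signup(db: dict, outbox: list, user: str, password: str) -> None:
    """Hypothetical signup handler: persist only the hash, mail no secret."""
    db[user] = hash_password(password)
    outbox.append(f"Welcome {user}, your account is ready.")  # no password in the mail


if __name__ == "__main__":
    db, outbox = {}, []
    signup(db, outbox, "alice", "correct horse battery staple")  # constructed sample
    print(db["alice"])  # salt and derived key only; the password is not recoverable
    print(verify_password("correct horse battery staple", db["alice"]))
    print(verify_password("wrong guess", db["alice"]))
```

The plaintext exists only in memory during `signup`; anything that copies it into an email, log line or database column at that point undoes the hashing.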
-
When this happens to me I normally just report them to http://plaintextoffenders.com so they end up on that list.
Then I'll email their support team (if they have one) and advise they maybe plan on rectifying it sometime so they don't show up in the plaintext database.
I've had a couple success stories where businesses have made the changes and emailed me back thanking me for letting them know that it was a problem.
-
@Charmgoggles most databases have support for hashing tables and storing hashed values (salting etc. done for you). MySQL has this; not sure what hashing they use, maybe SHA.
-
@Ashkin @codetinkery Not if they email you the password at signup/change. E.g. just after you entered it, but before it's hashed and saved in the DB.
-
Ahaha I literally just opened an email with both my username and password in it sent to me xD
I hate it when websites send me an email showing my username along with my password!