Larion Studios forum stores your passwords in unhashed plaintext. Don’t use a password there that you’ve used anywhere else.

  • darkkite@lemmy.ml
    link
    fedilink
    English
    arrow-up
    18
    arrow-down
    8
    ·
    1 year ago

    this is still a terrible idea. the system should never know the plaintext password.

    logs capture a lot even automated emails. i don’t see a single reason to send the user their plaintext password and many reasons why they shouldn’t

    • voxel@sopuli.xyz
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      edit-2
      1 year ago

      passwords are usually hashed server-side tho and that’s done for a reason.
      if handling passwords correctly, server side hashing is way more secure then client-side. (with client side hashing, hash becomes the password…)