Forum Security – Emails raw password?


This topic contains 2 replies, has 2 voices, and was last updated by CEZ 8 years, 7 months ago.

  • #11981

    CEZ
    Member

    I just wanted to express a small concern… When I registered on the site I got an email containing my username and password.

    As far as I’m aware, it’s actually considered a very bad/insecure practice to send raw passwords via email (Google it) – and try and name one big enterprise business that does it (you’ll struggle).

    I assume the passwords in your database are hashed, as your reset option is a new password link, you don’t send us our password like you do at registration – that’s all good.

    Anyway I’m not trying to tell anyone how to do their job, or be a smart-arse. I just wanted to bring that to someone’s attention.

    As from what I know/have read or been told – it shouldn’t be done. But please correct me if I’m wrong!

    #11984

    jimmy
    Member

    Thanks for your suggestion and taking the time to submit it to us. This is something we will look into.
    Security and the protection of your account are taken very seriously. As you correctly said, we do hash (and salt) all the passwords.

    If this adds some additional security without inconveniencing our users too much, we’ll make some changes.

    #12064

    CEZ
    Member

    Glad to hear it, thanks for the response! 🙂
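
Added example, not part of the original thread and not the forum's own code: a registration flow that never puts a password in an email, following the reset-link approach and the salted hashing the posts mention. The URL, function names, PBKDF2 parameters and one-hour token lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ITERATIONS = 600_000   # assumed work factor
TOKEN_TTL_SECONDS = 3600      # assumed link lifetime

users = {}    # username -> (salt, password_hash), or None until a password is set
tokens = {}   # sha256(token) -> (username, expiry); the raw token is never stored


def hash_password(password, salt=None):
    """Return (salt, PBKDF2-HMAC-SHA256 digest) with a per-user random salt."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def register(username, now=None):
    """Create the account without a password and return the email body to send."""
    now = time.time() if now is None else now
    users[username] = None
    token = secrets.token_urlsafe(32)
    token_id = hashlib.sha256(token.encode()).hexdigest()
    tokens[token_id] = (username, now + TOKEN_TTL_SECONDS)
    link = f"https://forum.example/set-password?token={token}"  # placeholder host
    return f"Hi {username}, choose your password here (valid for 1 hour): {link}"


def set_password(token, new_password, now=None):
    """Redeem a token once; reject unknown, reused or expired tokens."""
    now = time.time() if now is None else now
    entry = tokens.pop(hashlib.sha256(token.encode()).hexdigest(), None)
    if entry is None or now > entry[1]:
        return False
    users[entry[0]] = hash_password(new_password)
    return True


def verify(username, password):
    """Check a login attempt against the stored salted hash in constant time."""
    record = users.get(username)
    if not record:
        return False
    salt, expected = record
    return hmac.compare_digest(hash_password(password, salt)[1], expected)
```

The mailbox only ever holds a single-use link that expires, so an old registration email does not expose a working credential.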
