Welcome to WebmasterWorld Guest from 220.127.116.11 , register , free tools , login , search , pro membership , help , library , announcements , recent posts , open posts Become a Pro Member
Hash the passwords novanet
Got the feedback email, went to login, but I forgot which password I used to sign-up with. No problem, I used the lost password form. The problem is, when the email arrives, instead of a reset link, I see my password starring at me in plain text. I'm not suggesting you take security lightly, but storing passwords in the clear is a disaster waiting to happen. I realize implementing hashing would be a big task, but it really has to be done IMO.
Yes, this is definitely required. And seriously, it is not even that big thing to do. Jim Westergren
Yes, this should be a priority in my opinion. blaze
It is not just the password not being hashed (which is bad practice), but especially the password being sent in clear text via email. The latter would not be possible with hashed passwords, so hashing passwords solves both issues. Fotiman
I agree with this as well. MWpro
I wasn't aware of this. Pretty outraging. hotrod4x5
Agreed, fix this problem. morehawes
I agree, a little scary when you think about it.