|Hash the passwords|
| 4:52 am on May 27, 2010 (gmt 0)|
Got the feedback email, went to log in, but I forgot which password I used to sign up with. No problem, I used the lost password form.
The problem is, when the email arrives, instead of a reset link, I see my password staring at me in plain text.
I'm not suggesting you take security lightly, but storing passwords in the clear is a disaster waiting to happen.
I realize implementing hashing would be a big task, but it really has to be done IMO.
| 6:49 am on May 27, 2010 (gmt 0)|
Yes, this is definitely required. And seriously, it is not even that big a thing to do.
| 9:55 am on May 27, 2010 (gmt 0)|
Yes, this should be a priority in my opinion.
| 11:30 am on May 27, 2010 (gmt 0)|
| 1:20 pm on May 27, 2010 (gmt 0)|
It is not just the password not being hashed (which is bad practice), but especially the password being sent in clear text via email.
The latter would not be possible with hashed passwords, so hashing passwords solves both issues.
| 3:26 pm on May 27, 2010 (gmt 0)|
I agree with this as well.
| 3:06 am on May 28, 2010 (gmt 0)|
I wasn't aware of this. Pretty outrageous.
| 3:14 am on May 28, 2010 (gmt 0)|
Agreed, fix this problem.
| 9:32 am on May 28, 2010 (gmt 0)|
I agree, a little scary when you think about it.