Welcome to WebmasterWorld Guest from 54.196.243.192

Forum Moderators: brett tabke

Message Too Old, No Replies

Hash the passwords

     
4:52 am on May 27, 2010 (gmt 0)

New User

5+ Year Member

joined:Mar 2, 2009
posts: 1
votes: 0


Got the feedback email, went to login, but I forgot which password I used to sign-up with. No problem, I used the lost password form.

The problem is, when the email arrives, instead of a reset link, I see my password starring at me in plain text.

I'm not suggesting you take security lightly, but storing passwords in the clear is a disaster waiting to happen.

I realize implementing hashing would be a big task, but it really has to be done IMO.
6:49 am on May 27, 2010 (gmt 0)

New User

5+ Year Member

joined:Jan 15, 2009
posts:2
votes: 0


Yes, this is definitely required. And seriously, it is not even that big thing to do.
9:55 am on May 27, 2010 (gmt 0)

Junior Member

10+ Year Member

joined:Mar 29, 2005
posts:67
votes: 0


Yes, this should be a priority in my opinion.
11:30 am on May 27, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 10, 2004
posts:1342
votes: 0


Yikes.
1:20 pm on May 27, 2010 (gmt 0)

New User

10+ Year Member

joined:Nov 4, 2003
posts:7
votes: 0


It is not just the password not being hashed (which is bad practice), but especially the password being sent in clear text via email.
The latter would not be possible with hashed passwords, so hashing passwords solves both issues.
3:26 pm on May 27, 2010 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member fotiman is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 17, 2005
posts:4966
votes: 10


I agree with this as well.
3:06 am on May 28, 2010 (gmt 0)

Preferred Member

10+ Year Member

joined:Dec 29, 2002
posts:533
votes: 0


I wasn't aware of this. Pretty outraging.
3:14 am on May 28, 2010 (gmt 0)

New User

5+ Year Member

joined:Dec 10, 2009
posts:7
votes: 0


Agreed, fix this problem.
9:32 am on May 28, 2010 (gmt 0)

Junior Member

5+ Year Member

joined:Dec 5, 2008
posts:94
votes: 0


I agree, a little scary when you think about it.