Welcome to WebmasterWorld Guest from 54.158.54.179

Forum Moderators: brett tabke

Message Too Old, No Replies

Hash the passwords

     
4:52 am on May 27, 2010 (gmt 0)

5+ Year Member



Got the feedback email, went to login, but I forgot which password I used to sign-up with. No problem, I used the lost password form.

The problem is, when the email arrives, instead of a reset link, I see my password starring at me in plain text.

I'm not suggesting you take security lightly, but storing passwords in the clear is a disaster waiting to happen.

I realize implementing hashing would be a big task, but it really has to be done IMO.
6:49 am on May 27, 2010 (gmt 0)

5+ Year Member



Yes, this is definitely required. And seriously, it is not even that big thing to do.
9:55 am on May 27, 2010 (gmt 0)

10+ Year Member



Yes, this should be a priority in my opinion.
11:30 am on May 27, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Yikes.
1:20 pm on May 27, 2010 (gmt 0)

10+ Year Member



It is not just the password not being hashed (which is bad practice), but especially the password being sent in clear text via email.
The latter would not be possible with hashed passwords, so hashing passwords solves both issues.
3:26 pm on May 27, 2010 (gmt 0)

WebmasterWorld Senior Member fotiman is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



I agree with this as well.
3:06 am on May 28, 2010 (gmt 0)

10+ Year Member



I wasn't aware of this. Pretty outraging.
3:14 am on May 28, 2010 (gmt 0)

5+ Year Member



Agreed, fix this problem.
9:32 am on May 28, 2010 (gmt 0)

5+ Year Member



I agree, a little scary when you think about it.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month