this post was submitted on 28 Sep 2023
322 points (75.6% liked)

Games

31990 readers
2 users here now

Welcome to the largest gaming community on Lemmy! Discussion for all kinds of games. Video games, tabletop games, card games etc.

Weekly Threads:

What Are You Playing?

The Weekly Discussion Topic

Rules:

  1. Submissions have to be related to games

  2. No bigotry or harassment, be civil

  3. No excessive self-promotion

  4. Stay on-topic; no memes, funny videos, giveaways, reposts, or low-effort posts

  5. Mark Spoilers and NSFW

  6. No linking to piracy

More information about the community rules can be found here.

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
322
Larion Studios forum stores your passwords in unhashed plaintext. (lemmy.world)
submitted 1 year ago by [email protected] to c/[email protected]
217 comments fedilink hide all child comments
 

Larion Studios forum stores your passwords in unhashed plaintext. Don't use a password there that you've used anywhere else.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 12 points 1 year ago (7 children)

My bank has a character limit, but they don't tell you about it; they just trim the password you've set before hashing + saving it, then when you go to login if you don't trim your password the same way they did, login fails.

I only know this because the mobile app will actually grey out the login button as soon as you enter more than the character limit. The web app just leaves you to be confused.

[–] [email protected] 1 points 1 year ago (3 children)

Doesnt lemmy also do it? I think I ve heard from Ruben at Boostforlemmy that lemmy only treats first 60 characters of your password as a password and the rest gets discarded. [citation needed]

[–] [email protected] 1 points 1 year ago (1 children)

Can't say I've ever tried to use a password quite that long, so I'm not sure.

Not ideal, but trimming it (especially when you're keeping 60 chars) isn't the end of the world. It was just super confusing that the web app doesn't trim it during login as well. There's no indication that your password was modified or what you've entered to login is too long. Just 'incorrect user/pass' despite entering what you've just set. That char limit for my bank is only 16 chars, so it's easy to hit.

[–] [email protected] 1 points 1 year ago

It's a big deal IMO, particularly because at login it doesn't do the same. From the user perspective, your password has effectively been modified without your knowledge and no reasonable way of finding out. Good luck getting access to your account.
When a bank does this it should be considered gross negligence.

load more comments (1 replies)
load more comments (4 replies)