this post was submitted on 30 Sep 2023
155 points (73.7% liked)
Programming
18855 readers
233 users here now
Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!
Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.
Hope you enjoy the instance!
Rules
Rules
- Follow the programming.dev instance rules
- Keep content related to programming in some way
- If you're posting long videos try to add in some form of tldr for those who don't want to watch videos
Wormhole
Follow the wormhole through a path of communities [email protected]
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This was hashed out pretty thoroughly in that thread.
The initial concern over the password being stored in plaintext was shown to be a mistaken assumption, and it was made clear that this kind of email doesn't happen anymore, it's an outdated problem.
No need to keep the discussion going past that, is there? Much less spread it around?
Sending passwords via email Will compromise any passwords sent via email. Regardless if the password is stored anywhere in the process if the password is sent via email it is compromised and no longer safe to use. Email is not end and encrypted you have no idea who's running the mail exchange servers that your email follows, it's entirely possible for this company to store that password in a log dealing with their email servers. Password sent via email should be considered immediately compromised and any sites following a practice like this should not be trusted with standard passwords which you shouldn't be using anyway.
100%. But that is a different problem and a different attack vector than storing passwords in plain text for authentication. When reporting security issues, it's important to be precise.