476
submitted 2 years ago by Cabrio@lemmy.world to c/games@lemmy.world

Larian Studios forum stores your passwords in unhashed plaintext. Don't use a password there that you've used anywhere else.

[-] inclementimmigrant@lemmy.world 47 points 2 years ago* (last edited 2 years ago)

While sending your password in plaintext over email is very much a bad idea and a very bad practice, it doesn't mean they store your password in their database as plaintext.

[-] JackbyDev@programming.dev 33 points 2 years ago

Encrypted passwords are still an unacceptable way to store passwords. They should be hashed.

[-] Cloodge@lemmy.world 15 points 2 years ago
[-] Dicska@lemmy.world 11 points 2 years ago

And marinated in buttermilk.

[-] Cloodge@lemmy.world 2 points 2 years ago

Peppered if you're feeling extra

[-] Michal@programming.dev 10 points 2 years ago

Just because they send out the password does not mean it's not hashed. They could send the email before hashing.

[-] JackbyDev@programming.dev 5 points 2 years ago

You're correct, and after reading more of the thread I saw OP say this was sent immediately after registering. I don't have reason to believe it is stored in plaintext unless they're storing a copy of every email they send.

[-] jeeva@lemmy.world 15 points 2 years ago

Would you accept "in a way that can be reversed"?

[-] Serdan@lemm.ee 14 points 2 years ago

Passwords shouldn't be stored at all though 🤷‍♂️

[-] Vlixz@lemmy.world 14 points 2 years ago

You mean plaintext passwords, right? Of course they need to store your (hashed) password!

[-] Serdan@lemm.ee 11 points 2 years ago

The hash is not the password.

[-] Vlixz@lemmy.world 4 points 2 years ago* (last edited 2 years ago)

My bad! I just misunderstood >⁠.⁠<

[-] jmcs@discuss.tchncs.de 7 points 2 years ago

If they stored the hashed password this thread wouldn't exist.

[-] TheFogan@lemmy.world 4 points 2 years ago

Point is, a hash isn't a password. Giving the most "you don't need tech knowledge" analogy, it's like the password's fingerprint.

The police station may keep your daughter's fingerprint so that if they find a lost child they can recognize it is your daughter beyond any doubt. Your daughter's fingerprints are like a hash; your daughter is a password.

The police should not store your daughter... that's bad practice. The fingerprints are all they should store, and needless to say the fingerprints aren't your daughter, just as a hash isn't a password.

this post was submitted on 28 Sep 2023
476 points (100.0% liked)
