by manuscreationis 4960 days ago
Receiving a plaintext password via Email is not proof that the password is stored in plaintext in the database.

It is proof that they are not using a non-reversible hash to store it in their database.

They could be storing it using a reversible encryption algorithm, of which there are many, and they are not considered "insecure".

Or, in the worst case, they could be storing it unsecured. It's definitely a possibility.

It's poor practice, for sure, to email someone a plaintext password, as email itself is prone to numerous attack vectors.

But given the overall lack of evidence and insight into their back end, you don't have enough to draw either conclusion.


Technically correct, but since the password is readable in some way, it's in many ways the same as storing it in plaintext. If the database got hacked, odds are that the key is found too. Or if an admin is rogue, there is no stopping him.
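The distinction drawn across both comments (one-way hash vs. reversible encryption vs. plaintext, and what each gives up when the database and the key are both taken) can be made concrete. The following is an added example, not code from either commenter: it stores one constructed sample password three ways and then models the breach the reply describes, where the attacker holds the dump and the encryption key. The HMAC-SHA256 counter-mode construction is a stand-in for a real cipher (an AEAD such as AES-GCM would be used in practice); the "forgot password" property under discussion, that the original can be recovered by anyone holding the key, is the same. The PBKDF2 round count is an assumed, deliberately low demo value.

```python
import hashlib
import hmac
import secrets

# Constructed sample input for the demo (not taken from the thread).
PASSWORD = "correct horse battery staple"
PBKDF2_ROUNDS = 200_000  # assumed demo value; tune the work factor in production

# --- Scheme 1: plaintext at rest -------------------------------------------
def store_plaintext(password: str) -> str:
    return password

def recover_plaintext(record: str) -> str:
    return record

# --- Scheme 2: reversible encryption at rest --------------------------------
# Stand-in cipher: HMAC-SHA256 used as a PRF in counter mode over a random
# nonce, XORed with the password. Reversible by anyone holding `key`, which
# is the property the comments are about. A real system would use an AEAD.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        block_input = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block_input, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def store_encrypted(password: str, key: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    pt = password.encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct  # nonce travels with the record; key does not

def recover_encrypted(record: bytes, key: bytes) -> str:
    nonce, ct = record[:16], record[16:]
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))
    return pt.decode()

# --- Scheme 3: salted one-way hash -----------------------------------------
# No recover_* function exists for this scheme: the record only supports
# checking a candidate, which is why a site using it cannot email the original.
def store_hashed(password: str) -> bytes:
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt + digest

def verify_hashed(record: bytes, candidate: str) -> bool:
    salt, digest = record[:16], record[16:]
    cand = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(cand, digest)

# --- Breach model from the reply: dump + key both obtained --------------------
def breach_exposure(plain_rec, enc_rec, hash_rec, key, guesses):
    """Return what each scheme yields to someone holding the database dump
    and the encryption key. Plaintext and encrypted records give the password
    back directly; the hashed record can only be attacked by guessing, so it
    yields the password only if the guess list happens to contain it."""
    hashed_hit = next((g for g in guesses if verify_hashed(hash_rec, g)), None)
    return {
        "plaintext": recover_plaintext(plain_rec),
        "encrypted": recover_encrypted(enc_rec, key),
        "hashed": hashed_hit,
    }

def demo():
    """Store the sample password all three ways, then model the breach with a
    small constructed guess list that does not contain the real password."""
    key = secrets.token_bytes(32)
    plain_rec = store_plaintext(PASSWORD)
    enc_rec = store_encrypted(PASSWORD, key)
    hash_rec = store_hashed(PASSWORD)
    return breach_exposure(plain_rec, enc_rec, hash_rec, key, ["password", "123456", "letmein"])

if __name__ == "__main__":
    for scheme, result in demo().items():
        print(f"{scheme:10s} -> {result!r}")
```

Running `demo()` shows the first two schemes handing the password back unchanged while the hashed record yields `None`; the hashed record's only weakness is the quality of the password against offline guessing, which is the residual risk the one-way scheme is designed to leave. This is the operational difference between "can email you the original" and "can only tell you whether a guess is right".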