by tetha 4775 days ago
A bunch of people on plaintextoffenders.com appear to be confused. They all complain "Oh look they mailed me my password directly after registration, they must store it in plain text". That's wrong.

During registration, I have your password in plain text because you just gave it to me in plain text in order to register your account. Sure, we can discuss sending the password via email, we can discuss hashing the password client side or server side and so on, but a simple mail "You just registered with this password" doesn't tell you anything about password storage.
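
As an added example (not part of the original post, and not code from any site discussed here), this Python code shows the distinction the post draws: a registration handler can quote the password in its welcome mail while storing only a salted hash, whereas a later "forgot password" request has nothing it could quote. The `USERS` table, the function names and the mail wording are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets

# Hypothetical in-memory user table; a real service would use a database.
USERS = {}


def _derive(password: str, salt: bytes) -> bytes:
    # scrypt: a salted, deliberately slow key-derivation function.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=2**14, r=8, p=1)


def register(email: str, password: str) -> str:
    """Store only salt + hash, then build the welcome mail body."""
    salt = os.urandom(16)
    USERS[email] = {"salt": salt, "hash": _derive(password, salt)}
    # The plaintext is still present in this request, so the mail can quote
    # it even though nothing recoverable was written to storage.
    return f"You just registered with this password: {password}"


def login(email: str, password: str) -> bool:
    """Re-derive the hash from the submitted password and compare."""
    rec = USERS.get(email)
    if rec is None:
        return False
    return hmac.compare_digest(rec["hash"], _derive(password, rec["salt"]))


def forgot_password(email: str) -> str:
    """A later request sees only the stored record, never the plaintext."""
    if email not in USERS:
        raise KeyError(email)
    # With hashed storage the service cannot mail the old password back;
    # all it can offer is a one-time reset token.
    return f"Reset your password with this one-time token: {secrets.token_urlsafe(16)}"


if __name__ == "__main__":
    # Constructed sample account, for illustration only.
    print(register("alice@example.test", "correct horse"))
    print(login("alice@example.test", "correct horse"))
    print(forgot_password("alice@example.test"))
```

A mail that quotes the existing password on a later "forgot password" request is the case that does reveal recoverable storage, since `forgot_password` above has no way to produce it.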

1 comment

Heya, co-founder of plaintextoffenders.com here.

Just to note - we have talked about it before here: http://plaintextoffenders.com/post/7006690494/whats-so-wrong...