Even new development in Minneapolis makes me numb and sad and angry. This on top of that twat in NYC trying to get cops to hurt another African-American man
( Read more... )
they were storing passwords as plain text. I'm not techie but that sounds dumb
Oy. yeah, not good - but surprisingly, not that uncommon.
If they encrypt your password to store it, they CANNOT GET IT BACK - when you type your password in to log in, they actually encrypt what you type, and compare the new encrypted value with the encrypted value in the database. They don't decrypt the stored value and compare it to what you typed.
Which is why, "I forgot my password" links generally don't just tell you what your password was, they make you reset it to something new. Any site that will 'send you your password' if you forget it - is absolutely storing passwords in plain text.
Thanks, this is very helpful to know. I never thought about this in those terms but this is absolutely good to know. I don't think I have any that will send me my password (but if I find one i'll make note of that!)
It feels backwards and I always have to correct my thinking - I always assumed that you decrypt the stored value to compare it to what I typed - but if you can decrypt it...then it's not secure :D
Comments 11
Reply
Reply
Reply
Reply
Oy. yeah, not good - but surprisingly, not that uncommon.
If they encrypt your password to store it, they CANNOT GET IT BACK - when you type your password in to log in, they actually encrypt what you type, and compare the new encrypted value with the encrypted value in the database. They don't decrypt the stored value and compare it to what you typed.
Which is why, "I forgot my password" links generally don't just tell you what your password was, they make you reset it to something new.
Any site that will 'send you your password' if you forget it - is absolutely storing passwords in plain text.
Reply
Reply
Reply
Reply
Reply
Reply
Reply
Leave a comment