I just reviewed the welcome email for this forum from 2013.
The email contained my username and password along with a reminder to remember the password because the forum's database stores the password encrypted and it can't be retrieved if I forget it.
That seems like a very bad practice. That password traveled in the clear through all the email servers and is in the databases and backups of those email services.
I hope this forum has stopped doing that since. The password should not be logged or emailed. It should be received through a channel that was encrypted all the way from the user to the backend server then immediately discarded after generating a salted hash.
Does the forum's welcome email still send password in the clear
Re: Does the forum's welcome email still send password in the clear
As it says at the bottom of the page, the forum uses phpBB. Back in 2013 I believe it was still using phpBB 2.0, which I think stored passwords encrypted using MD5. In phpBB 3.x, which the forum uses now, only salted password hashes are stored.
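What the difference between unsalted MD5 and salted hashes means for a stored user table, as an added example that is not part of the original posts and not phpBB's code. PBKDF2-HMAC-SHA256 stands in here for a salted scheme, and the account names, passwords and iteration count are constructed for the illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 100_000  # assumed work factor for this example


def md5_unsalted(password):
    """Unsalted MD5: the same password always yields the same digest."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_salted(password, salt=None):
    """Return (salt, digest) from a per-user random salt and PBKDF2-HMAC-SHA256."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_salted(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_salted(password, salt)
    return hmac.compare_digest(candidate, expected)


def shared_password_groups(table):
    """Groups of users whose stored values are identical (same password visible)."""
    by_value = {}
    for user, value in table.items():
        by_value.setdefault(value, []).append(user)
    return sorted(sorted(users) for users in by_value.values() if len(users) > 1)


# Constructed sample accounts: two users happen to pick the same password.
ACCOUNTS = {"alice": "winter2013", "bob": "winter2013", "carol": "x9!Lq"}


def build_tables():
    """Build the stored-credential table both ways for the sample accounts."""
    md5_table = {u: md5_unsalted(p) for u, p in ACCOUNTS.items()}
    salted = {u: hash_salted(p) for u, p in ACCOUNTS.items()}
    salted_table = {u: (s + d).hex() for u, (s, d) in salted.items()}
    return md5_table, salted, salted_table


if __name__ == "__main__":
    md5_table, salted, salted_table = build_tables()
    print("unsalted MD5, users with identical rows:", shared_password_groups(md5_table))
    print("salted, users with identical rows:", shared_password_groups(salted_table))
```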
Re: Does the forum's welcome email still send password in the clear
You do realise that nearly all email is unencrypted; you have to use something like ProtonMail to get encrypted email. An easy way to see if someone is sending passwords over email, which used to be done pretty well by everyone back in the day. Anyway, what to do is do a forgotten password request and see if they send you the password or not.
Florida Man Makes Announcement.
We live in a crazy world where winter heating has become a luxury item.