News > Forum Announcements

Forum Password Security

(1/1)

asuma28:
I just created a new account here and I noticed that my unencrypted password was emailed to me.  :o I am glad that it took my default generated LastPass password, but seeing it in an email was a bit surprising. Is this normal or can it be changed?

JeffT:
The only way to avoid this would be to have no way to reset a password (which relies on having access to your email account to authenticate you). The assumption is that your email account is secure. This is the model used by the vast majority of Internet services.

JeffT:
This no longer happens; the new version of SMF no longer emails the password.

Even with the old version, the password was never saved in plaintext - the password was generated and emailed immediately upon registering and the password wasn't saved. Both the old, and new versions, hashed the passwords in the database.

Navigation

[0] Message Index