Author Topic: Forum Password Security (Read 4422 times)

asuma28 · « **on:** October 22, 2012, 08:50:16 pm »

I just created a new account here and I noticed that my unencrypted password was emailed to me.

I am glad that it took my default generated LastPass password, but seeing it in an email was a bit surprising. Is this normal or can it be changed?

JeffT · « **Reply #1 on:** October 22, 2012, 11:44:32 pm »

The only way to avoid this would be to have no way to reset a password (which relies on having access to your email account to authenticate you). The assumption is that your email account is secure. This is the model used by the vast majority of Internet services.

JeffT · « **Reply #2 on:** February 27, 2013, 04:20:49 am »

This no longer happens; the new version of SMF no longer emails the password.

Even with the old version, the password was never saved in plaintext - the password was generated and emailed immediately upon registering and the password wasn't saved. Both the old, and new versions, hashed the passwords in the database.

Kumoricon

News:

Author Topic: Forum Password Security (Read 4422 times)

asuma28

Forum Password Security

JeffT

Re: Forum Password Security

JeffT

Re: Forum Password Security