Larion Studios forum stores your passwords in unhashed plaintext. Don’t use a password there that you’ve used anywhere else.

    • tonkatwuck@lemmynsfw.com
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      1 year ago

      It’s possible that this email is a result of forum user creation, so during that submission the plaintext password was available to send to the user. Then it would be hashed and stored.

      • Serinus@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        2
        ·
        1 year ago

        I don’t know why you’d give them any benefit of the doubt. They should have already killed that with this terrible security practice.

        But yeah, sure, maybe this one giant, extremely visible lapse in security is the only one they have.

        • tonkatwuck@lemmynsfw.com
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          1 year ago

          I’m just explaining how user authentication works for most web applications. The server will process your plaintext password when your account is created. It should then store that as a hashed string, but it can ALSO send out an email with that plaintext password to the user describing their account creation. This post does not identify that passwords are stored in plaintext, it just identifies that they email plaintext passwords which is poor security practice.

          • Serinus@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            1
            ·
            1 year ago

            This particular poor security practice is very much like a roach. If you see one you have a bigger problem.

            See, I can also repeat myself as though you didn’t understand the first time.