Password Security: Salt Hash

Go down

Do you agree or disagree ?

60% 60% 
[ 3 ]
40% 40% 
[ 2 ]
 
Total Votes : 5

Password Security: Salt Hash

Post by SAA on March 15th 2016, 8:38 pm

When I made my account, I got an email with my username and password in plain text...

"Please do not forget your password as it has been encrypted in our database: we cannot retrieve it for you. However, if you forget your password, you can request a new one to an Administrator."

Hopefully, by encrypted, you mean Salted Hash. That being said, even if the email is sent before the password becomes hashed, there's still a large security risk as emails are not 100% secure. You want the length of time that a password is held unencrypted to be minimal.

http://plaintextoffenders.com/about/
avatar
SAA
New Member

Posts : 2
Reputation : 1
Language : English

http://saa953@gmail.com

Back to top Go down

Re: Password Security: Salt Hash

Post by SLGray on March 15th 2016, 9:59 pm

Is this suggestion for only the support forum or all forums?


When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.

avatar
SLGray
Administrator
Administrator

Male Posts : 43087
Reputation : 3049
Language : English
Location : United States

https://fmthemes.forumotion.com/

Back to top Go down

Re: Password Security: Salt Hash

Post by SAA on March 16th 2016, 1:04 am

All forums, especially for support because if support get's hacked, the rest might be screwed.

I'm kind of new here, so excuse me if I posted to the wrong sub forum.

I initially signed up at http://project-contingency.forumotion.com/. When I brought up this issue, I was told that Forumotion handles the account creation process. So, I came here. Since this is handled by Forumotion itself, I figured I should post this here. However, since this affects all forums, it seems that I posted in the wrong place. In that case, please move this thread to the appropriate sub-forum.
avatar
SAA
New Member

Posts : 2
Reputation : 1
Language : English

http://saa953@gmail.com

Back to top Go down

Re: Password Security: Salt Hash

Post by SLGray on March 16th 2016, 2:42 am

Move to the correct section.


When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.

avatar
SLGray
Administrator
Administrator

Male Posts : 43087
Reputation : 3049
Language : English
Location : United States

https://fmthemes.forumotion.com/

Back to top Go down

Re: Password Security: Salt Hash

Post by Niko on March 16th 2016, 9:53 am

Hello

I must admit this is strange.. when you create a forum the password is not displayed (you see "use the password you have chosen" instead)... but with accounts creation..

I really don't know Razz
avatar
Niko
Hyperactive

Male Posts : 2299
Reputation : 98
Language : English, French, Italian, Spanish, Latin

Back to top Go down

Re: Password Security: Salt Hash

Post by SLGray on August 22nd 2017, 9:23 pm

Cleaning up the suggestion section.


When your topic has been solved, ensure you mark the topic solved.
Never post your email in public.

avatar
SLGray
Administrator
Administrator

Male Posts : 43087
Reputation : 3049
Language : English
Location : United States

https://fmthemes.forumotion.com/

Back to top Go down

Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum