Larion Studios forum stores your passwords in unhashed plaintext. Don't use a password there that you've used anywhere else.
this post was submitted on 28 Sep 2023
320 points (75.6% liked)
Games
32545 readers
1435 users here now
Welcome to the largest gaming community on Lemmy! Discussion for all kinds of games. Video games, tabletop games, card games etc.
Weekly Threads:
Rules:
-
Submissions have to be related to games
-
No bigotry or harassment, be civil
-
No excessive self-promotion
-
Stay on-topic; no memes, funny videos, giveaways, reposts, or low-effort posts
-
Mark Spoilers and NSFW
-
No linking to piracy
More information about the community rules can be found here.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
no, they probably dont.
they just send it to your email upon registration, which is kinda a bad idea, but they are probably storing passwords hashed afterwards.
this is still a terrible idea. the system should never know the plaintext password.
logs capture a lot even automated emails. i don't see a single reason to send the user their plaintext password and many reasons why they shouldn't
passwords are usually hashed server-side tho and that's done for a reason.
if handling passwords correctly, server side hashing is way more secure then client-side. (with client side hashing, hash becomes the password...)