
EO account password storage in plain text [security risk]
Riephi
Posted: Friday, November 20, 2015 6:52:48 AM
Rank: Advanced Member
Groups: Member

Joined: 7/17/2015
Posts: 50
Hi,

I recently changed the password of my Essential Objects account. In the confirmation mail you sent me, the new password was confirmed to me in plain text. Please hash your passwords correctly and never, never, never store them in plain text. This is a massive security risk and almost a dealbreaker for many businesses, including ours.

Kind regards
eo_support
Posted: Friday, November 20, 2015 8:40:47 AM
Rank: Administration
Groups: Administration

Joined: 5/27/2007
Posts: 24,067
Hi,

We do not store your password in plain text. The only case where you see the password in plain text is when you reset your password, so that the system generates a temporary password in order for you to log in. You would then use the temporary password to log in and then change your password to whatever you can remember. In both cases (the temporary password and your final actual password), the passwords are encrypted when we store them in the database. We use the standard practice of storing a hash in the database and then comparing it with the computed hash value based on the password you entered to verify whether your password is correct.

Hope this clears it up. Please feel free to let us know if you still have any concerns.

Thanks!
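
The flow described in the reply above (a temporary password issued once on reset, only a hash stored, login checked against a recomputed hash), as an added example that is not part of the thread and is not Essential Objects' code. The scrypt KDF and its parameters, the in-memory `users` table and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# scrypt cost parameters: assumed values for this example, tune for your hardware
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1

users = {}  # constructed in-memory stand-in for the account table


def _hash(password: str, salt: bytes) -> bytes:
    """Derive a 32-byte hash from the password and a per-user salt."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


def set_password(user: str, password: str, temporary: bool = False) -> None:
    """Store only salt + derived hash; the plain-text password is never kept."""
    salt = secrets.token_bytes(16)
    users[user] = {"salt": salt, "hash": _hash(password, salt),
                   "must_change": temporary}


def reset_password(user: str) -> str:
    """Generate a random temporary password, store its hash, and return the
    plain text exactly once so it can be sent to the account owner."""
    temp = secrets.token_urlsafe(12)
    set_password(user, temp, temporary=True)
    return temp


def verify(user: str, candidate: str) -> str:
    """Return 'denied', 'change_required' (temporary password) or 'ok'."""
    rec = users.get(user)
    if rec is None:
        return "denied"
    computed = _hash(candidate, rec["salt"])
    # Constant-time comparison of stored and recomputed hash
    if not hmac.compare_digest(computed, rec["hash"]):
        return "denied"
    return "change_required" if rec["must_change"] else "ok"
```

Setting the final password replaces the salt and hash, so the temporary password stops working as soon as the user chooses their own.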

