this post was submitted on 28 Sep 2023
322 points (75.6% liked)
Games
32575 readers
1499 users here now
Welcome to the largest gaming community on Lemmy! Discussion for all kinds of games. Video games, tabletop games, card games etc.
Weekly Threads:
Rules:
-
Submissions have to be related to games
-
No bigotry or harassment, be civil
-
No excessive self-promotion
-
Stay on-topic; no memes, funny videos, giveaways, reposts, or low-effort posts
-
Mark Spoilers and NSFW
-
No linking to piracy
More information about the community rules can be found here.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Encrypted passwords are still an unacceptable way to store passwords. They should be hashed.
(and salted before hashing.)
And marinated in butter milk.
Peppered if you're feeling extra
Just because they send out the password does not mean it's not hashed. They could send the email before hashing.
You're correct and after reading more of the thread I saw OP say this was sent immediately after registering. I don't have reason to believe it is stirred in plaintext unless they're storing s copy of every email they send.