Rank: Advanced Member Groups: Member
Joined: 7/17/2015 Posts: 50
Hi,
I recently changed the password of my Essential Objects account. In the confirmation mail you sent me, the new password was confirmed to me in plain text. Please hash your passwords correctly and never never never store them in plain text. This is a massive security risk and almost a dealbreaker for many businesses, including ours.
Kind regards
Rank: Administration Groups: Administration
Joined: 5/27/2007 Posts: 24,203
Hi,
We do not store your password in plain text. The only case where you see the password in plain text is when you reset your password, so that the system generates a temporary password in order for you to log in. You would then use the temporary password to log in and then change your password to whatever you can remember. In both cases, the passwords (the temporary password and your final actual password) are encrypted when we store them in the database. We use the standard practice of storing a hash in the database and then comparing it with the computed hash value based on the password you entered to verify whether your password is correct.
Hope this clears it up. Please feel free to let us know if you still have any concerns.
Thanks!
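The reset flow described in the reply above, as an added example that is not part of the original thread and not Essential Objects' code: the temporary password exists in plain text only at the moment it is generated for the e-mail, while the stored record holds a salted hash that is recomputed and compared at login. The PBKDF2-HMAC-SHA256 scheme, the iteration count, the in-memory `users` table and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed PBKDF2 work factor, not the site's actual setting
users = {}            # constructed stand-in for the accounts table


def hash_password(password: str) -> str:
    """Return 'iterations$salt_hex$digest_hex'; the password itself is never kept."""
    salt = secrets.token_bytes(16)  # fresh random salt for every stored hash
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash from the submitted password and compare in constant time."""
    iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def reset_password(username: str) -> str:
    """Generate a temporary password, store only its hash, return the plaintext once."""
    temporary = secrets.token_urlsafe(12)
    users[username] = {"hash": hash_password(temporary), "must_change": True}
    return temporary  # the only place the plaintext exists: the one-time e-mail


def change_password(username: str, current: str, new: str) -> bool:
    """Replace the stored hash once the current (or temporary) password verifies."""
    record = users.get(username)
    if record is None or not verify_password(current, record["hash"]):
        return False
    users[username] = {"hash": hash_password(new), "must_change": False}
    return True


def login(username: str, password: str) -> bool:
    """Accept a login only if the submitted password hashes to the stored value."""
    record = users.get(username)
    return record is not None and verify_password(password, record["hash"])
```
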