Quote:
Originally Posted by AdultEUhost
That is not true and most unlikely
They can have it stored in their database as a md5 hash for example and just compare your entry after they md5 it.
The point is though that they do have the old passwords which makes this whole email with a clear text password in it not only unnecessary but from a security point a view also very stupid
|
Oops brain fart. Of course they are being hashed on the fly and compared. Although I'm not a big fan of companies storing my old passwords because they could still be in use elsewhere. Also nobody should use MD5 these days.
Edit: I remember why I said it was plaintext now. The site said that the password was too similar to one I've used before so it's not a hash that's being stored.