Quote:
Originally Posted by Dankasaur
And judging by that screenshot it says "cannot use any previous used passwords" so unless they store that data for referencing every time they require a password change, you're essentially just giving the hacker more stuff to use against you if they do get the database... Thus making the password change requirement WORSE.
|
I'm not a fanboy of Paxum (regardless of the passwords, I think you're out your mind if you hand over all the private and personal info they demand) but I'd be surprised if they don't store your passwords hashed, and compare the hashes only. Anything else would be insanely reckless.
Quote:
Originally Posted by Dankasaur
So I forgot that they require the special characters in the password and as I use Chrome sync and password remembering I don't even know my original password... So I used the forgotten password feature, and guess what? My "new" password was sent to me in plaintext via email where anyone can hijack it...
|
Paxum send new passwords via email in plain text? Perhaps they do store them in plain text then.