Quote:
|
Originally Posted by Validus
I do understand that? what I am saying though is, I am not too big of a fan of getting plain text mails with passwords. I would have much rather have to contact epassporte than having my password sent through the world? or have the account locked and get a link where to change it (with security question or something).
Thinking about it now, it actually worries me a little. Passwords should be stored encrypted in the DB, if they aren?t? is my credit card number stored in plain text as well?
|
You have no reason to belief they're not encrypted just because they
generated a new one and sent it to you.
The plain text pass its an issue ofcourse and what you should do
is change it imediately.
What worries is me is their way of generating passwords Lddddddd
this is very easy to brute force and they dont have a limit of failed attempts
at least I didn't see it.