Yes, still not worth risking using a duplicate password though.
Comment on Larion Studios forum stores your passwords in unhashed plaintext.
AlmightySnoo@lemmy.world 1 year ago
That doesn’t really mean that they store it in plain text. They sent it to you after you finished creating your account, and it’s likely that the password was just in plain text during the registration. The question still remains whether they store their outgoing emails (in which case yes, your password would still be stored in plain text on their end, not in the database though).
Cabrio@lemmy.world 1 year ago
finestnothing@lemmy.world 1 year ago
Honestly, why risk duplicate passwords even then? I have one strong password that I use for accessing my password manager, and let the password manager generate unique random passwords. Even if I had an easier password that I duplicated with some small changes, I’d still use a password manager to autofill it anyway. I use bitwarden personally, you can also self host it with vaultwarden but it seemed like more trouble than it was worth imo
Decoy321@lemmy.world 1 year ago
This is a friendly reminder that password managers are not risk free either. LastPass was hacked last year, NortonLifeLock earlier this year.
finestnothing@lemmy.world 1 year ago
Personally the risk of bitwarden is outweighed by its convenience (compared to self hosted/local only solutions) in my opinion, but I know that’ll change real quick if bitwarden ever has a breach. If it does I’m jumping ship to a self hosted or local only solution, but I’m hoping that doesn’t have to happen
neatchee@lemmy.world 1 year ago
This is why I don’t use a common centralized password manager, just like I don’t use any of the most popular remote desktop solutions like TeamViewer for unattended access.
I run a consumer copy of Pleasant Password Manager out of AWS and use NoMachine for unattended access to any machines where I need it.
Security through obscurity is tried and true. Put as little of your security attack surface in the hands of others as is reasonable.
Hexarei@programming.dev 1 year ago
Centralized, third party password managers, yes. Local-only managers like KeepassXC though, no concerns over some company getting hacked or cheeky
wahming@monyet.cc 1 year ago
Applies to every site ever
trustnoone@lemmy.sdf.org 1 year ago
I actually think this is the case. I could be completely wrong but I swear I saw the same question like 6 years ago in another forum software that looks exactly like this one lol. And people compalined about it storing plain text, but the response when asking the forum people was that it was only during that password creation, it’s not actually stored.
I don’t know if it’s crazy for me to think it’s the same forum from that many years ago, still doing the same thing and getting the same question.
glad_cat@lemmy.sdf.org 1 year ago
We all know that they store it in plain text.
ryannathans@aussie.zone 1 year ago
Came here to say this
ono@lemmy.ca 1 year ago
Your guess is confirmed here.
Also, no, the password would not necessarily still be stored in plain text on their end. The cleartext password used in that email might be only in memory, and discarded after sending the message. Depends on how the UBB forum software implemented it.
Asudox@lemmy.world 1 year ago
It is still a bad idea to send the password in plaintext via email.
Empricorn@feddit.nl 1 year ago
There’s a lot of reasons why emailing passwords is not the best practice… But AI bots stealing your password to give people free demos is a wild paranoid fever dream.
Asudox@lemmy.world 1 year ago
It is meant to be as a joke, of course the AI is not that dumb enough to give it away as free demo. Why am I being downvoted? Why don’t people understand jokes these days? Do I always have to include /s when making a sarcastic joke?
ono@lemmy.ca 1 year ago
Nobody suggested otherwise.
nogooduser@lemmy.world 1 year ago
You should always change your password from the system generated one to prevent that from happening. The app that you signed up for should enforce that by making you change your password when you log in.
Cabrio@lemmy.world 1 year ago
It’s not a system generated one they sent, it was user generated.
Cabrio@lemmy.world 1 year ago
¿Porque no los dos?
Took them 23 years to fix it last time, seems public awareness would be important in the interim, no?