hashed out
heheh
aaaa@lemmy.world 1 year ago
This was hashed out pretty thoroughly in that thread.
The initial concern over the password being stored in plaintext was shown to be a mistaken assumption, and it was made clear that this kind of email doesn’t happen anymore, it’s an outdated problem.
No need to keep the discussion going past that, is there? Much less spread it around?
hashed out
heheh
adhdplantdev@lemm.ee 1 year ago
Sending passwords via email Will compromise any passwords sent via email. Regardless if the password is stored anywhere in the process if the password is sent via email it is compromised and no longer safe to use. Email is not end and encrypted you have no idea who’s running the mail exchange servers that your email follows, it’s entirely possible for this company to store that password in a log dealing with their email servers. Password sent via email should be considered immediately compromised and any sites following a practice like this should not be trusted with standard passwords which you shouldn’t be using anyway.
aaaa@lemmy.world 1 year ago
Right, and everyone agreed that wasn’t the greatest practice. Two years ago.
This thread from two days ago was bringing attention to an issue that was fixed two years ago, and calling it out as if it was a different problem than it was.
It’s good to have discussions about security best practices, but this thread is pointless. This problem is simply not there anymore.
abhibeckert@lemmy.world 1 year ago
From the sounds of it, this was a password that the server randomly generated, so it’s never been used before, and you are forced to reset the password as soon as you use it, so it’ll never be used again.
frezik@midwest.social 1 year ago
Email often is end to end encrypted these days. It’s just that there are no guarantees.
flumph@programming.dev 1 year ago
100%. But that is a different problem and a different attack vector than storing passwords in plain text for authentication. When reporting security issues, it’s important to be precise.