While sending your password in plaintext over email is very much a bad idea and a very bad practice, it doesn't mean they store your password in their database as plaintext.

[–] JackbyDev@programming.dev 23 points 1 year ago (1 children)

Encrypted passwords are still an unacceptable way to store passwords. They should be hashed.

[–] Michal@programming.dev 8 points 1 year ago (1 children)

Just because they send out the password does not mean it's not hashed. They could send the email before hashing.

[–] JackbyDev@programming.dev 5 points 1 year ago

You're correct and after reading more of the thread I saw OP say this was sent immediately after registering. I don't have reason to believe it is stirred in plaintext unless they're storing s copy of every email they send.

[–] jeeva@lemmy.world 11 points 1 year ago (1 children)

Would you accept "in a way that can be reversed"?

[–] tonkatwuck@lemmynsfw.com 1 points 1 year ago (1 children)

It's possible that this email is a result of forum user creation, so during that submission the plaintext password was available to send to the user. Then it would be hashed and stored.

[–] Serinus@lemmy.world 1 points 1 year ago

I don't know why you'd give them any benefit of the doubt. They should have already killed that with this terrible security practice.

But yeah, sure, maybe this one giant, extremely visible lapse in security is the only one they have.

[–] Serdan@lemm.ee 2 points 1 year ago (1 children)

Passwords shouldn't be stored at all though 🤷‍♂️

[–] Vlixz@lemmy.world 8 points 1 year ago (2 children)

You mean plaintext passwords right? Ofcourse then need to store your (hashed)password!

[–] Serdan@lemm.ee 7 points 1 year ago (1 children)

The hash is not the password.

[–] Vlixz@lemmy.world 3 points 1 year ago* (last edited 1 year ago)

My bad! I just misunderstood >⁠.⁠<

[–] jmcs@discuss.tchncs.de 3 points 1 year ago

If they stored the hashed password this thread wouldn't exist.