Author Topic: Sign-Up Security  (Read 8961 times)

January 21, 2014, 11:05:23 PM

Proteu5

Hey!

It's nice to be back here. I tend to tread the esoteric side in cycles; however, I hope this time for much longer.

My concern was that there should be a main page warning or notice for new members saying that the password they use to sign up will be emailed in plain text form. This is not a problem; however, I know that some people who do online banking may choose the same one password for everything they do. As secure and kind as I remember everyone here to be, there are always those looking and snooping; having an undeleted email in your inbox with that password could be dangerous.

Just looking out.

February 21, 2014, 09:12:49 PM
Reply #1

kobok

  • Tech Team
I wasn't aware the current version of the forum software emailed out the passwords, and I would click to disable that if I could spot a configurable option for it.

But to be clear, under no circumstances should anyone ever use the same password for online banking as for any online forum.  While we endeavor to maintain good security here, as a non-profit site with shared hosting and maintained in the spare time of a few people, we don't have anywhere near the proper funding necessary to achieve the level of security necessary to be mixed with online banking.  Nor does any other online forum reach that level as a matter of standard practice.

EDIT:  I found a spot in the templates to disable sending the password with the welcome email.  But still, do not reuse passwords in that manner.
« Last Edit: February 21, 2014, 09:25:39 PM by kobok »

March 05, 2014, 01:21:35 AM
Reply #2

Akenu

The password is sent in plain text during registration, but after that only a hash of the password is stored in the database.
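The behaviour discussed in this thread, as an added example that is not part of any post and is not the forum software's own code: a sign-up routine that stores only a salted hash and refuses any welcome-email template that would echo the password. The templates, function names, iteration count and sample account are all assumptions made for illustration.

```python
import hashlib, hmac, os, secrets
from email.message import EmailMessage

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example

# Constructed templates: the weak one mails the secret, the safe one does not.
WEAK_TEMPLATE = "Hello {username},\nYour password is: {password}\n"
SAFE_TEMPLATE = ("Hello {username},\nYour account is ready. "
                 "Log in with the password you chose at sign-up.\n")

def template_leaks_password(template: str) -> bool:
    """Render with a random canary as the password and look for it in the output."""
    canary = secrets.token_hex(16)
    return canary in template.format(username="canary-user", password=canary)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, PBKDF2_ITERATIONS)

def register(db: dict, username: str, address: str, password: str,
             template: str = SAFE_TEMPLATE) -> EmailMessage:
    """Store salt + hash only; build a welcome email that omits the password."""
    if template_leaks_password(template):
        raise ValueError("welcome template must not include the password")
    salt = os.urandom(16)
    db[username] = {"email": address, "salt": salt,
                    "hash": hash_password(password, salt)}
    msg = EmailMessage()
    msg["To"] = address
    msg["Subject"] = "Welcome"
    # The password is never passed to the renderer, so it cannot reach the mail.
    msg.set_content(template.format(username=username))
    return msg

def verify(db: dict, username: str, password: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    rec = db.get(username)
    if rec is None:
        return False
    return hmac.compare_digest(rec["hash"], hash_password(password, rec["salt"]))

if __name__ == "__main__":
    db = {}
    mail = register(db, "alice", "alice@example.org", "constructed-sample-pw")
    print(mail.get_content())
    print("login ok:", verify(db, "alice", "constructed-sample-pw"))
```
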