Insecure Password System

I just signed up to your site, and you emailed me back my password in plain text. This means you are storing them as plain text and they are not hashed or hashed and salted. This is super insecure and makes you a massive target for hackers. :expressionless:

The fact that the password is sent as plaintext once upon registering does not mean by itself that they’re stored that way. This forum platform is managed & hosted by Xobor so only they have DB access, thus I’ve no idea how they protect such info. Obviously I hope that they’re hashed but don’t know for sure. I’ll try asking.

@ariyasu :
Welcome to the Win-RAID Forum and thanks for your contribution.

AFAIK the only reason for sending the registration confirmation with nickname and password as plaintext is to avoid a failure of the first login done by the new Forum member.
By the way - the password can be changed by the user at any time, that means directly after the first login.

Dieter (alias Fernando)