loading...

re: What are the worst security practices you've ever witnessed? VIEW POST

FULL DISCUSSION
 

I did some PHP for a client forum. Account resets sent passwords in plaintext through emails. I notified him that it is a bad practice and very not secure. I proposed solutions but he categorically refused and did not see anything wrong with doing that.

 

I still sometimes receive a plain text password in email when I click forgot password. Then I start hating people there. Ok, you store the passwords probably in clear text. At least don't send it back into the wild.

 

Oh you mean passwords that are already set on the account. Yeah, that's a big no-no.

Code of Conduct Report abuse