@Cabrio@lemmy.world to Games@lemmy.worldEnglish • 9 months agoLarion Studios forum stores your passwords in unhashed plaintext.lemmy.worldimagemessage-square213fedilinkarrow-up1471arrow-down1152file-text
arrow-up1319arrow-down1imageLarion Studios forum stores your passwords in unhashed plaintext.lemmy.world@Cabrio@lemmy.world to Games@lemmy.worldEnglish • 9 months agomessage-square213fedilinkfile-text
Larion Studios forum stores your passwords in unhashed plaintext. Don’t use a password there that you’ve used anywhere else.
minus-square@Kilamaos@lemmy.worldcakelinkfedilinkEnglish3•9 months agoOf course. You receive the password in plain on account creation, do the process you need, and then store it hashed. That’s fine and normal
minus-square@Vegasimov@reddthat.comlinkfedilinkEnglish5•9 months agoWhen you create an account you type your password in. This gets sent to the server, and then it is hashed and stored So there is a period of time where they have your unhashed password This is true of every website you have ever made a password on
minus-square@Vegasimov@reddthat.comlinkfedilinkEnglish-1•9 months agoI’ve never even heard of the game studio I’m not defending them, I was replying to the person who said the company should never have your unhashed password, and explaining that they have to at some point in the process
minus-square@dangblingus@lemmy.worldlinkfedilinkEnglish-7•9 months agoSo why would an agent at Larian have man-in-the-middle access between the password being sent to the server, and the auto-hash?
Of course. You receive the password in plain on account creation, do the process you need, and then store it hashed.
That’s fine and normal
deleted by creator
When you create an account you type your password in. This gets sent to the server, and then it is hashed and stored
So there is a period of time where they have your unhashed password
This is true of every website you have ever made a password on
deleted by creator
I’ve never even heard of the game studio I’m not defending them, I was replying to the person who said the company should never have your unhashed password, and explaining that they have to at some point in the process
So why would an agent at Larian have man-in-the-middle access between the password being sent to the server, and the auto-hash?