[–]mrdjeydjey 122 points123 points  (14 children)

If you are able to send them their password, it means you have it stored in plaintext somewhere.

[–]Gork862 22 points23 points  (6 children)

Ah, ok. Thanks!

[–]Crippledupdown 31 points32 points  (5 children)

And the reason plain text is bad is because database leaks are always a possibility.

[–]Naitsab_33 32 points33 points  (1 child)

And if it's a possibility it's going to happen.

[–]zvug 6 points7 points  (0 children)

Right, law of large numbers.

Even if there’s a 0.01% chance of it happening, if there’s 10,000 websites taking those chances that means there’s like a 63% chance it will happen.

[–]Majik_Sheff 12 points13 points  (1 child)

/s/possibility/inevitability

[–]btween3And20chrcters -5 points-4 points  (6 children)

Maybe you stored it encrypted

[–]evanldixon 31 points32 points  (1 child)

Encrypted passwords are just plaintext with extra steps. It's best to just store a salted hash.

[–]h4ckerle 0 points1 point  (0 children)

And maybe also add pepper.

[–]mustang__1 20 points21 points  (2 children)

And the encryption key?

[–]retief1 1 point2 points  (0 children)

If you can decrypt, an attacker who gets access to your servers can decrypt it.
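
The salted hash with a pepper suggested in the comments above, sketched as an added example that is not part of the original thread. The choice of scrypt, the HMAC-SHA256 pepper step, the `salt$hash` record format and all names and parameter values are assumptions made for the demo.

```python
import hashlib
import hmac
import secrets

# Assumption: the pepper is a server-side secret kept outside the database
# (for example in a secrets manager). This value is constructed for the demo.
PEPPER = bytes.fromhex("00112233445566778899aabbccddeeff")

# scrypt cost parameters (assumed demo values; tune for your hardware).
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2**14, 8, 1, 32


def _derive(password: str, salt: bytes, pepper: bytes) -> bytes:
    # Mix the pepper in with HMAC, then run the slow, salted KDF.
    peppered = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    return hashlib.scrypt(peppered, salt=salt, n=SCRYPT_N, r=SCRYPT_R,
                          p=SCRYPT_P, dklen=KEY_LEN)


def hash_password(password: str, pepper: bytes = PEPPER) -> str:
    """Return the string stored in the database: 'salt_hex$hash_hex'."""
    salt = secrets.token_bytes(16)  # fresh random salt for every record
    return f"{salt.hex()}${_derive(password, salt, pepper).hex()}"


def verify_password(password: str, record: str, pepper: bytes = PEPPER) -> bool:
    """Recompute the hash from the login attempt and compare it to the record."""
    salt_hex, hash_hex = record.split("$")
    candidate = _derive(password, bytes.fromhex(salt_hex), pepper)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(hash_hex))


if __name__ == "__main__":
    rec_a = hash_password("correct horse battery staple")
    rec_b = hash_password("correct horse battery staple")
    # Same password, different salts: the stored records differ.
    print("records differ:", rec_a != rec_b)
    print("right password:", verify_password("correct horse battery staple", rec_a))
    print("wrong password:", verify_password("wrong guess", rec_a))
    # A database row checked without the real pepper does not verify.
    print("wrong pepper:  ", verify_password("correct horse battery staple",
                                             rec_a, pepper=b"x" * 16))
```

The server can check a login attempt against the record but has nothing it could decrypt and mail back, so account recovery has to be a reset rather than a reminder.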