If a "forgot your password?" page emails your old password, is that definitive proof that they have
Posted
by S. Michaels
on Super User
See other posts from Super User
or by S. Michaels
Published on 2009-09-25T16:16:18Z
Indexed on
2010/04/10
19:53 UTC
Read the original article
Hit count: 305
When a site emails your old password, as opposed to requiring you to reset it on the site, I'm wondering what that implies about their security measures.
Does this mean that they store the password in plain text for their own convenience or could they still use encryption on the password?
© Super User or respective owner