If a "forgot your password?" page emails your old password, is that definitive proof that they have

Posted by S. Michaels on Super User See other posts from Super User or by S. Michaels
Published on 2009-09-25T16:16:18Z Indexed on 2010/04/10 19:53 UTC
Read the original article Hit count: 305

Filed under:
|
|

When a site emails your old password, as opposed to requiring you to reset it on the site, I'm wondering what that implies about their security measures.

Does this mean that they store the password in plain text for their own convenience or could they still use encryption on the password?

© Super User or respective owner

Related posts about security

Related posts about passwords