Larion Studios forum stores your passwords in unhashed plaintext. Don’t use a password there that you’ve used anywhere else.

  • Mirodir
    link
    fedilink
    English
    arrow-up
    25
    arrow-down
    1
    ·
    1 year ago

    …and if they keep the emails they send out archived (which would be reasonable), they also have it stored in plaintext there.

      • glitches_brew@lemmy.world
        link
        fedilink
        English
        arrow-up
        12
        arrow-down
        1
        ·
        1 year ago

        As the designated email dev at my company I can confidently say this is not true.

        Not saying that this specific email is persisted, but almost all that I work with are. It’s a very common practice.

        • tocopherol@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          I wonder how much this varies depending on the amount of data it would require to store the emails of a company. I know nothing about this subject, but does it occur where companies with very large email lists would forgo storing those types of emails to save data costs?

          • glitches_brew@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            In my experience it varies a lot. Even in our own system certain emails are stored differently. There are a few “we legally have to deliver this email and might need to prove it later” notifications. We store a PDF of those in s3. For others we might just save the data, a sent timestamp, and a key for which email visual template was used.

            I also thought of a counter argument to my point overnight. We don’t store one super duper high volume email which is the email that only has an MFA code. We would also absolutely never ever dream about allowing a plaintext password in an email, so we’re probably following different patterns in the first place.