Larian Banner
Previous Thread
Next Thread
Print Thread
Don't Send Passwords In Plain Text #669248
23/06/20 02:41 AM
23/06/20 02:41 AM
Joined: Jun 2020
Posts: 4
Rezeki Offline OP
stranger
Rezeki  Offline OP
stranger

Joined: Jun 2020
Posts: 4
Just made an account and got an email with my username and password in plain text. Why in the world would you send a password in plain text??? Beats me, but that's a MAJOR security flaw. Nobody should ever, for any reason, EVER send a password ANYWHERE in plain text. Makes me wonder if Larian stores passwords in plain text? I dunno, I'm kinda doubting security in Larian's products now.

Huge fan of Larian, but this is a really big problem that should be fixed ASAP.

Keep up the good work guys, you're seriously the best game studio out there.

Re: Don't Send Passwords In Plain Text [Re: Rezeki] #669268
23/06/20 09:45 AM
23/06/20 09:45 AM
Joined: Mar 2003
Posts: 27,513
Canada
Raze Offline

Larian Studios
Raze  Offline

Larian Studios

Joined: Mar 2003
Posts: 27,513
Canada

There are plans to update the forum, including for better security (the main issue with changing the forum software is concern over reliably migrating all of the existing content).
After emailing (admittedly not current best practice), the passwords are hashed and only the hash is stored.

Re: Don't Send Passwords In Plain Text [Re: Raze] #669297
23/06/20 03:58 PM
23/06/20 03:58 PM
Joined: Jun 2020
Posts: 4
Rezeki Offline OP
stranger
Rezeki  Offline OP
stranger

Joined: Jun 2020
Posts: 4
Thanks for the quick response! I understand the difficulties of migrating everything, and hope you can migrate everything smoothly!


Moderated by  Dom_Larian, Larian_QA, Lynn, Macbeth, Raze 

Powered by UBB.threads™ PHP Forum Software 7.6.2