Don't Send Passwords In Plain Text #669248
23/06/20 02:41 AM
Joined: Jun 2020
Posts: 6
Rezeki Offline OP
stranger
Just made an account and got an email with my username and password in plain text. Why in the world would you send a password in plain text??? Beats me, but that's a MAJOR security flaw. Nobody should ever, for any reason, EVER send a password ANYWHERE in plain text. Makes me wonder if Larian stores passwords in plain text? I dunno, I'm kinda doubting security in Larian's products now.

Huge fan of Larian, but this is a really big problem that should be fixed ASAP.

Keep up the good work guys, you're seriously the best game studio out there.

Re: Don't Send Passwords In Plain Text [Re: Rezeki] #669268
23/06/20 09:45 AM
Joined: Mar 2003
Posts: 27,611
Canada
Raze Offline

Larian Studios

There are plans to update the forum, including for better security (the main issue with changing the forum software is concern over reliably migrating all of the existing content).
After emailing (admittedly not current best practice), the passwords are hashed and only the hash is stored.

Re: Don't Send Passwords In Plain Text [Re: Raze] #669297
23/06/20 03:58 PM
Joined: Jun 2020
Posts: 6
Rezeki Offline OP
stranger
Thanks for the quick response! I understand the difficulties of migrating everything, and hope you can migrate everything smoothly!

Re: Don't Send Passwords In Plain Text [Re: Rezeki] #671188
28/07/20 10:57 PM
Joined: Jul 2020
Posts: 8
Languid Lizard Offline
stranger
I am glad this bug will be fixed, but it is still there today.

When upgrading the forum software, I hope Larian will consider migrating to a different forum platform which offers more advanced features. Notably, a gaming company ought to appreciate the value of "gamification". A couple of worthy contenders as replacements include:

Discourse
https://www.discourse.org/

Vanilla Forums
https://vanillaforums.com/en/software/

Both of these are available under a Free Licence.

Re: Don't Send Passwords In Plain Text [Re: Rezeki] #671512
05/08/20 04:10 AM
Joined: Aug 2020
Posts: 7
Iamblitzwing Offline
stranger
Hi, I just joined and had the same thing happen. I was emailed my password in plain text. I just made sure to delete the email, so someone couldn't get a hold of my account.

Though if someone was to hack or break into my email, I'm not sure why they would try to get into my Larian forums account lol

Re: Don't Send Passwords In Plain Text [Re: Rezeki] #671546
Yesterday at 10:08 AM
Joined: Jan 2012
Posts: 367
Between Ghent and Aleroth
Lotrotk Offline

enthusiast
With most people, there's one password for everything. A password to a forum account could open many, many doors.
Besides, people don't necessarily need to break into your email, they can break into any server between the one @Larian and your mail server!

Re: Don't Send Passwords In Plain Text [Re: Lotrotk] #671555
Yesterday at 01:34 PM
Joined: Aug 2020
Posts: 7
Iamblitzwing Offline
stranger
Originally Posted by Lotrotk
With most people, there's one password for everything. A password to a forum account could open many, many doors.
Besides, people don't necessarily need to break into your email, they can break into any server between the one @Larian and your mail server!


I do agree with that. It's quite scary how someone could potentially lose everything, through just one password being leaked/hacked/broken into. I still think it's not the best idea to send passwords in visible text through emails tho


Moderated by  Dom_Larian, Larian_QA, Lynn, Macbeth, Raze 

Powered by UBB.threads™ PHP Forum Software 7.6.2