Basically what F-ES Sitecore posted. The OP was unclear if this plain-text password was sent immediately after registration, or later on via some password reminder feature.
Either way it's not conclusive of plain text storage, although the latter would imply it is at best a reversible encryption as you have suggested.
While we are on the subject of one-way hash vs encrypted string, does it really matter either way? The main concern with storing user credentials is how to protect the source data, protect the source code (in terms of identifying how the password is hashed/encrypted), and restrict any method of being able to brute force login attempts (for example, locking accounts after X attempts, etc.).
While we are on the subject of one-way hash vs encrypted string, does it really matter either way?
Yes it does matter, because everyone who has access to the data and encryption methods within the company can see logins and passwords.
Just because someone works for a company does not mean that they can be trusted with highly confidential information such as passwords and logins.
Hence why data protection laws exist.
On the other hand, if they've cracked the database and got your hashed/encrypted password, they'll more than likely ignore the password and just access your credit card, bank account, health details etc. directly. If the company is lax about passwords, it's pretty unlikely that the rest of the data is encrypted! The only reason password encryption is any more important than any other data is that people tend to re-use passwords, so a hacker of one database can often then access others, or actually impersonate someone else rather than just steal their money / reputation.
They could with a rainbow lookup table if the hashes have not also been salted.
This would require them to have a copy of the database (or at least a direct connection to it).
And if you can get hold of the application code (even the compiled version) then salting your hashes doesn't much matter. With some effort the hacker could identify your salt key and process and adjust their "hacking software" to make their rainbow tables work again. Although you should be safe if you are using a password manager, as it's likely they will have your password in their list.
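To make the salting point above concrete (an added example, not code from any poster in this thread): an unsalted fast hash gives every user with the same password the same stored value, so one precomputed lookup table covers the whole database, whereas a per-user random salt with a slow KDF forces any recomputation to be done per user. The wordlist, iteration count and storage format below are constructed for the demo.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional

# Constructed sample wordlist standing in for a precomputed lookup table.
WORDLIST = ["password", "letmein", "qwerty"]

def unsalted_hash(password: str) -> str:
    # Fast, unsalted hash: identical passwords give identical digests,
    # so a single precomputed table serves every row in the database.
    return hashlib.sha256(password.encode()).hexdigest()

def build_lookup_table(words: Iterable[str]) -> Dict[str, str]:
    # digest -> plaintext; in principle this is all a lookup/rainbow table is.
    return {unsalted_hash(w): w for w in words}

def recover_unsalted(stored_digest: str, table: Dict[str, str]) -> Optional[str]:
    # A stored unsalted digest is a direct key into the precomputed table.
    return table.get(stored_digest)

def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = 200_000) -> str:
    # Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256).
    # Iteration count kept modest for the demo; tune upward in production.
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # Constructed storage format: algorithm$iterations$salt$derived_key
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, stored: str) -> bool:
    # Recompute with the stored salt and parameters; constant-time compare.
    _, iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)

def salted_hashes_differ(password: str) -> bool:
    # Two users, same password: the stored values differ, so a table built
    # for one row says nothing about the other, yet both still verify.
    a = hash_password(password)
    b = hash_password(password)
    return a != b and verify_password(password, a) and verify_password(password, b)
```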
Let's just hope this "company X" doesn't have your credit card details stored right next to the plain text password.
I emailed the CEO to let him know; let's see if he responds and, if he does, what his response is.
Or how about this email: "Our system has lost your password, which we store as plain text. Since you must have received a confirmation email at some point with your plain text password, could you please forward it to us and cc: GuyThiebaut, and we will restore your password. Thank you very much."
Another soundtrack, but with (Japanese) lyrics this time.
The Secret Life of Arrietty is a more recent Studio Ghibli movie (2011, so no Miyazaki).
The English version is dubbed by Tom Holland, better known as Spider-Man (but I watch subs, not dubs).
This is probably the first Ghibli I've seen where Joe Hisaishi wasn't the music composer.
However, Cécile Corbel wrote an awesome soundtrack and perhaps it's even my favorite Ghibli soundtrack to date.
It has a bit of a Celtic vibe to it and there are quite a few lyrics that I don't understand.
I watched the movie, got the soundtrack and then played it on repeat.