 |
By (user no longer on site) OP
over a year ago
|
When I mistyped my password in today I read the message “The email address and password you entered aren't in our records. Please try again!” which got me a bit worried that our passwords may not be encrypted and kept on a record of some kind. Is this the case? |
Reply privately, Reply in forum +quote
or View forums list | |
|
By *heRainManMan
over a year ago
Warrington & Glasgow |
https://en.wikipedia.org/wiki/Salt_(cryptography)
Normally it's the hash that's stored, rather than the password.
When you type in the password, it's hashed and compared to what is stored. It's nigh on impossible that another password will give the same hash. (The longer the password, the impossibler it is!!  )
That's why, if you forget your password, Fab doesn't send it to you, they can't, they don't know it, but send you a link to change it.
If you use a site that can send you your password, stop using it, it's hideously insecure! |
Reply privately, Reply in forum +quote
or View forums list | |
|
By (user no longer on site)
over a year ago
|
"https://en.wikipedia.org/wiki/Salt_(cryptography)
Normally it's the hash that's stored, rather than the password.
When you type in the password, it's hashed and compared to what is stored. It's nigh on impossible that another password will give the same hash. (The longer the password, the impossibler it is!! )
That's why, if you forget your password, Fab doesn't send it to you, they can't, they don't know it, but send you a link to change it.
If you use a site that can send you your password, stop using it, it's hideously insecure!"
This.
I came across a similar site to this that saved your password but you had to type in your username.   |
Reply privately, Reply in forum +quote
or View forums list | |
» Add a new message to this topic
