Password!

Need the mods or admins to do something for you? Post here. Read the "About" post first.

Moderators: Moderators General, Prelates, Magistrates

User avatar
tiedyeina
Posts: 34
Joined: Sat Apr 18, 2009 10:28 am UTC
Location: Birmingham, UK
Contact:

Password!

Postby tiedyeina » Sat Apr 18, 2009 10:30 am UTC

Hello I'm new and shiny and cellophane wrapped.

Also when I just registered my password was emailed to me in plaintext. Terribly bad form. Could you chaps stop doing that? :)

Byeeeeeeee

User avatar
headprogrammingczar
Posts: 3072
Joined: Mon Oct 22, 2007 5:28 pm UTC
Location: Beaming you up

Re: Password!

Postby headprogrammingczar » Sat Apr 18, 2009 12:12 pm UTC

This is, by far, the best thread in S/FI. I can imagine it wouldn't be too hard to correct, and plaintext passwords are really bad form.
<quintopia> You're not crazy. you're the goddamn headprogrammingspock!
<Weeks> You're the goddamn headprogrammingspock!
<Cheese> I love you

User avatar
Gordon
Dr. Banana
Dr. Banana
Posts: 3521
Joined: Mon Jan 08, 2007 6:51 am UTC
Location: Ontario, Canada

Re: Password!

Postby Gordon » Sat Apr 18, 2009 3:14 pm UTC

Would you propose a new delivery method, or just skipping the confirmation email / leaving the password out of it?

The people with the power to reset passwords are most likely not going to reset passwords for people who forget theirs, or were counting on the email to keep with their records.
Meaux_Pas wrote:
RealGrouchy wrote:I still remember the time when Gordon left. I still wake up in the middle of the night crying and screaming his name.
I do that too, but for an entirely different reason.
RealGrouchy wrote:
Gordon wrote:How long have I been asleep?!
Our daughter is in high school now.

User avatar
suffer-cait
Yes, that's my perfectly normal house cat, why do you ask?
Posts: 2562
Joined: Wed Sep 17, 2008 12:01 am UTC
Location: da aina
Contact:

Re: Password!

Postby suffer-cait » Sat Apr 18, 2009 3:21 pm UTC

what other kinds of text are there?...
ImageImageImageImageImage

User avatar
b.i.o
Green is the loneliest number
Posts: 2519
Joined: Fri Jul 27, 2007 4:38 pm UTC
Location: Hong Kong

Re: Password!

Postby b.i.o » Sat Apr 18, 2009 3:30 pm UTC

suffer-cait wrote:what other kinds of text are there?...

It could be encrypted (plaintext vs. cyphertext) , or it could just not be sent at all (which is the approach many websites take).
Last edited by b.i.o on Sat Apr 18, 2009 4:55 pm UTC, edited 1 time in total.

User avatar
Gordon
Dr. Banana
Dr. Banana
Posts: 3521
Joined: Mon Jan 08, 2007 6:51 am UTC
Location: Ontario, Canada

Re: Password!

Postby Gordon » Sat Apr 18, 2009 3:50 pm UTC

tiedyeina: Lay out your reasoning / thought pattern as to why the board emailing out the password in plain text is 'poor form' or whatever expression you used. Then suggest alternatives and why they are better.
Meaux_Pas wrote:
RealGrouchy wrote:I still remember the time when Gordon left. I still wake up in the middle of the night crying and screaming his name.
I do that too, but for an entirely different reason.
RealGrouchy wrote:
Gordon wrote:How long have I been asleep?!
Our daughter is in high school now.

User avatar
phlip
Restorer of Worlds
Posts: 7550
Joined: Sat Sep 23, 2006 3:56 am UTC
Location: Australia
Contact:

Re: Password!

Postby phlip » Sat Apr 18, 2009 3:51 pm UTC

If you want phpBB to not send out your password, one would think the best people to suggest it to would be the people who make phpBB.

As it stands, if you're that concerned about having your password sent in the clear across the Internet one extra time (in addition to when you signed up and every time you log in, of course), then feel free to change it... after testing it with Science, it has been revealed that that doesn't send the new password in an email.

Code: Select all

enum ಠ_ಠ {°□°╰=1, °Д°╰, ಠ益ಠ╰};
void ┻━┻︵​╰(ಠ_ಠ ⚠) {exit((int)⚠);}
[he/him/his]

User avatar
b.i.o
Green is the loneliest number
Posts: 2519
Joined: Fri Jul 27, 2007 4:38 pm UTC
Location: Hong Kong

Re: Password!

Postby b.i.o » Sat Apr 18, 2009 5:02 pm UTC

Gordon wrote:tiedyeina: Lay out your reasoning / thought pattern as to why the board emailing out the password in plain text is 'poor form' or whatever expression you used. Then suggest alternatives and why they are better.

It's poor form because someone could theoretically be recording/looking at data that's being sent and find your password out. However, the chances of that happening are hovering somewhere around none.

The primary alternative would be not sending the password in the e-mail at all and having people write it down themselves as they need to. This may or may not be a phpBB option, I can't remember--if it's not, you're a lot better off talking to the phpBB people than asking here (as phlip said).


The other thing, though, is that the sign in here is via http, not https, so I really don't think not having a plaintext password e-mailed is going to buy you much.

User avatar
Gordon
Dr. Banana
Dr. Banana
Posts: 3521
Joined: Mon Jan 08, 2007 6:51 am UTC
Location: Ontario, Canada

Re: Password!

Postby Gordon » Sat Apr 18, 2009 5:23 pm UTC

Thank you this is what I was waiting for:
b.i.o wrote:It's poor form because someone could theoretically be recording/looking at data that's being sent and find your password out.

If anyone is concerned about someone finding out your password to these forums ... what is it you think we do around here?
Meaux_Pas wrote:
RealGrouchy wrote:I still remember the time when Gordon left. I still wake up in the middle of the night crying and screaming his name.
I do that too, but for an entirely different reason.
RealGrouchy wrote:
Gordon wrote:How long have I been asleep?!
Our daughter is in high school now.

runa
Posts: 49
Joined: Mon Feb 23, 2009 9:59 am UTC

Re: Password!

Postby runa » Sat Apr 18, 2009 5:46 pm UTC

phlip wrote:If you want phpBB to not send out your password, one would think the best people to suggest it to would be the people who make phpBB.


You can actually disable that. But if a user clicks on the "I forgot my password"-button a new password will be sent, in plaintext, to the users email address.

User avatar
b.i.o
Green is the loneliest number
Posts: 2519
Joined: Fri Jul 27, 2007 4:38 pm UTC
Location: Hong Kong

Re: Password!

Postby b.i.o » Sat Apr 18, 2009 8:45 pm UTC

Gordon wrote:Thank you this is what I was waiting for:
b.i.o wrote:It's poor form because someone could theoretically be recording/looking at data that's being sent and find your password out.

If anyone is concerned about someone finding out your password to these forums ... what is it you think we do around here?

Ya know, I had the second sentence there for a reason.


Return to “Site/Forum issues”

Who is online

Users browsing this forum: No registered users and 2 guests