Password security
Discussion
Are PH user account passwords stored as text or hash encrypted values?
Can the PH hamsters see a user account password text?
I presume the hamsters can delete text or hash values thereby enabling users who have forgotten / lost / compromised their passwords to be able to make a new password?
Can the PH hamsters see a user account password text?
I presume the hamsters can delete text or hash values thereby enabling users who have forgotten / lost / compromised their passwords to be able to make a new password?
The last time I forgot my password, I clicked the "forgot password" link and it sent me an email containing my password in plain text, so at that point (it was 2014) they must have been stored in plain text.
So the first thing you could do is follow the "forgot password" link and see what it sends. I'd like to think that these days it would just be a link to reset your password to something new. That might involve sending you a link which includes a time-limited unique id to indicate to their servers that it's really you (or someone who has access to your emails), but I'm out of touch with how these things are done and there may be new techniques now.
So the first thing you could do is follow the "forgot password" link and see what it sends. I'd like to think that these days it would just be a link to reset your password to something new. That might involve sending you a link which includes a time-limited unique id to indicate to their servers that it's really you (or someone who has access to your emails), but I'm out of touch with how these things are done and there may be new techniques now.
Forums | Website Feedback | Top of Page | What's New | My Stuff