Comment by neoform on 15/12/2006 at 15:19 UTC

14 upvotes, 0 direct replies (showing 0)

View submission: Reddit's Streak of Bad Luck Continues...

I've never heard of any responsible site using no encryption of any type to store passwords.

That *is* irresponsible.

You don't have to go with 1-way encryption like many sites do, but you must have some form of encryption if only to respect the security of your users when things like this happen.

I've made several sites that make use of user management systems and I've always used either md5 or sha1 with salt to store passwords and have never had a problem with the *resetting* not *retrieving* of passwords.

There's no real reason why a user should be sent their password via email; this just allows potential hackers to acquire a password that might be used on other sites if they gain access to that user's email account.
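The reset-instead-of-retrieve flow discussed in the comment above, as an added example that is not neoform's code or Reddit's: only a salt and a one-way digest are stored, and the e-mail carries a short-lived single-use token rather than the password. PBKDF2-HMAC-SHA256 is swapped in for the single salted md5/sha1 pass the comment mentions; `UserStore`, the iteration count and the token lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

ITERATIONS = 200_000  # assumed work factor for this example
RESET_TTL = 900       # assumed reset-token lifetime, in seconds

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is used per password."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def _token_hash(token):
    return hashlib.sha256(token.encode()).digest()

class UserStore:
    """Hypothetical in-memory store: holds salts and digests, never passwords."""

    def __init__(self):
        self.users = {}   # name -> (salt, digest)
        self.resets = {}  # name -> (sha256(token), expiry timestamp)

    def register(self, name, password):
        self.users[name] = hash_password(password)

    def login(self, name, password):
        rec = self.users.get(name)
        if rec is None:
            return False
        salt, digest = rec
        return hmac.compare_digest(hash_password(password, salt)[1], digest)

    def request_reset(self, name, now=None):
        """Return the token to e-mail; the store keeps only its hash."""
        if name not in self.users:
            return None
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.resets[name] = (_token_hash(token), now + RESET_TTL)
        return token

    def complete_reset(self, name, token, new_password, now=None):
        now = time.time() if now is None else now
        rec = self.resets.pop(name, None)  # any attempt consumes the token
        if rec is None or now > rec[1]:
            return False
        if not hmac.compare_digest(_token_hash(token), rec[0]):
            return False
        self.register(name, new_password)
        return True
```

A dump of `users` or `resets` yields neither a password nor a usable reset token, and a stolen mailbox yields at most a token that expires and works once.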
