5 upvotes, 0 direct replies (showing 0)
View submission: Reddit's Streak of Bad Luck Continues...
It's not incompetence but a common design decision of 95% of the "fun" sites everyone here uses every day. Go look at YouTube and MySpace, no SSL and they both send back the original passwords in email. 37Signals sends back forgotten passwords in email. Everyone here then should spread this outrage around with all those sites too.
If the site isn't using SSL for logins, then it doesn't really matter if these passwords are cleartext in the database. And if you move to SSL logins, then that makes logging in one extra click for everyone. (since the login form can't be embedded right on the page anymore, or your form is prone to a 'man in the middle' attack)
I expect my Mom maybe to use the same password here and at her bank, but the people here!? Why would you trust any site with the same password that you might use somewhere that's important?
I like these Reddit guys a lot, but Aaron is one shady looking mofo. :) I just assume that he'd try to use my password at every bank site he could find to funnel money into his porno slush fund.
There's nothing here!