This forum is silly.

Freewheeling spot to chew the fat on anything cryptostorm-related that doesn't fit elsewhere (i.e. support, howto, &c.). Criticism & praise & brainstorming & requests for explanation... this is where it goes when it's hot & ready for action! :-)
Posts: 3
Joined: Sun May 07, 2017 5:29 am

This forum is silly.

Post by frankfooter » Sun May 07, 2017 5:33 am

Silly you say? Why yes, yes indeed. In fact, it is so silly that it sends, via unencrypted email (kind of like a post card) a password reset link AND a password when you click on the "I forgot my password" link. So this forum is silly because it doesn't take it's database security seriously.

User avatar
Site Admin
Posts: 495
Joined: Thu Jan 01, 1970 5:00 am

Re: This forum is silly.

Post by df » Mon Sep 18, 2017 4:13 pm

Password reset emails don't contain your password.
Those are encrypted in the database, so that would be impossible to do.

The password you're referring to that is included in the reset email is a temporary one that's randomly generated.
If interception is a concern, any time you reset your password it should obviously be changed immediately.