Passwords in plain text [Security Enhancement]

[dan]

Not only are the input fields for passwords not marked as password (therefore it's not hidden to prying eyes) but I suspect they aren't being encrypted. Most people use their passwords for multiple websites so this is really dangerous, especially when coupled with an email address.

To fix this mark any input field with the type "password" and then store passwords as md5 hashes.

 

[sam]

Yea this is a pretty serious oversight.

 

[Badorties]

good call. The sign up field is not masked on purpose, to facilitate ease, but I think it's better masked.

 

[Evan]

Welcome to MC and thanks for the information.

We have always stored passwords as hashes. We added ssl encryption to both the signup and login forms so that passwords are now transmitted securely. The password input box is now masked on the register form per your suggestion.

 

[RjBeals]

now that's how a site should listen to and apply feedback.

Nice work Evan.

 

[Badorties]

+rep!