Store user passwords encrypted
I just requested a new Simpleology password as I had forgotten it. Instead of being sent a password reset link, as is the best security practice for any website, I got re-sent my old password in plain text. This means that the Simpleology website stores its user passwords in plain text, which is vulnerable to 'internal' abuse, and also extremely dangerous if the Simpleology site is ever hacked, or data is improperly secured or leaked. Please start storing passwords in encrypted form (ideally hashed and salted as best industry practice), and if a user forgets a password, send them a reset link.
3
votes
James Micallef
shared this idea