Larion Studios forum stores your passwords in unhashed plaintext. Don’t use a password there that you’ve used anywhere else.

  • Kilamaos@lemmy.world
    link
    fedilink
    English
    arrow-up
    12
    arrow-down
    9
    ·
    1 year ago

    Of course. You receive the password in plain on account creation, do the process you need, and then store it hashed.

    That’s fine and normal

      • Vegasimov@reddthat.com
        link
        fedilink
        English
        arrow-up
        12
        arrow-down
        8
        ·
        1 year ago

        When you create an account you type your password in. This gets sent to the server, and then it is hashed and stored

        So there is a period of time where they have your unhashed password

        This is true of every website you have ever made a password on

          • Vegasimov@reddthat.com
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            2
            ·
            1 year ago

            I’ve never even heard of the game studio I’m not defending them, I was replying to the person who said the company should never have your unhashed password, and explaining that they have to at some point in the process

        • dangblingus@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          9
          ·
          1 year ago

          So why would an agent at Larian have man-in-the-middle access between the password being sent to the server, and the auto-hash?