Feedback, Complaints or Problems

Please encrypt our login passwords
 
enigmatics posted on May 24, 2017 10:37:43 PM

I recently forgot my password for ch, so I used my email to retrieve it.
But I also noticed CH told me the ORIGINAL PASSWORD that I forgot, which means the password is not encrypted (or is symmetrically encrypted) in the website database.

Although CH uses HTTPS to secure the connection, storing passwords in plain text is generally considered a serious threat to user security, as nobody - including the users themselves and administrators - should be able to look them up.

Unencrypted or symmetrically encrypted passwords are not the way to run a modern website. It poses an unnecessary threat to a user, as people tend to share their password between different websites.

Please implement encryption on the password column of user table in your database. Password retrieval could be, perhaps should be, replaced by 'password reset' functionality. I love CH and I want it secure. Nobody would like to see mistakes like Adobe has made before repeated.
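
The storage scheme and reset flow requested in the post above, as an added example that is not part of the thread or the site's code. It uses a salted scrypt hash (one-way, rather than encryption) and a single-use, expiring reset token; the in-memory `USERS` table, the function names and the 15-minute lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

USERS = {}       # constructed in-memory stand-in for the user table (hypothetical)
RESET_TTL = 900  # seconds a reset token stays valid (assumed policy)

def _scrypt(password, salt):
    # One-way, memory-hard derivation: the stored value cannot be turned back
    # into the password, so "send me my original password" becomes impossible.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

def set_password(alias, password):
    salt = secrets.token_bytes(16)  # fresh per-user salt
    user = USERS.setdefault(alias, {})
    user.update(salt=salt, pw_hash=_scrypt(password, salt), reset=None)

def verify_password(alias, password):
    user = USERS.get(alias)
    if user is None:
        return False
    return hmac.compare_digest(user["pw_hash"], _scrypt(password, user["salt"]))

def start_reset(alias, now=None):
    """Return a one-time token to e-mail; only its SHA-256 digest is stored."""
    user = USERS.get(alias)
    if user is None:
        return None
    token = secrets.token_urlsafe(32)
    now = time.time() if now is None else now
    user["reset"] = (hashlib.sha256(token.encode()).digest(), now + RESET_TTL)
    return token

def finish_reset(alias, token, new_password, now=None):
    user = USERS.get(alias)
    if user is None or user["reset"] is None:
        return False
    digest, expires = user["reset"]
    now = time.time() if now is None else now
    supplied = hashlib.sha256(token.encode()).digest()
    if now > expires or not hmac.compare_digest(digest, supplied):
        return False
    set_password(alias, new_password)  # also clears the token: single use
    return True
```
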

 
PWizard posted on May 25, 2017 6:49:22 AM

Founder
This will be done eventually. Right now we utilize this information to help users that have lost their email, alias and other information that would basically cause them to have to re-purchase a membership. This is not a banking or other highly secure website. We do not store real names, any financial data, birthdates, etc. Only alias, email and password. We have 3 very restrictive firewalls, one being hardware and two being software to protect our web application. The entire site utilizes SSL as well as HSTS. The storing of passwords in plain text poses no threat to your online security if you utilize separate passwords for each website or application like you should be doing. There have been BILLIONS of user accounts compromised from huge organizations like Yahoo, Target, ebay, Home Depot, PSN, etc. (Link). Except in these cases, criminals didn't get away with passwords, they got real names, birthdates, social security numbers, credit card numbers and a ton of other information that could be used to steal a person's entire identity. I remember one hack of like 500 MILLION accounts that kept everything in clear text, but at least the password was encrypted! Personally I would rather have my password leaked than ALL of my personal details like birthdate and social security number. I can change my password, I can't change that other stuff. If you are uncomfortable with our current security practices, I will be happy to delete your account along with all traces of it.