But I also noticed CH told me the ORIGINAL PASSWORD that I forgot, which means the password is not encrypted(or symmetrically encrypted) in website Database.
Although CH uses HTTPS to secure the connection, storing password in plain text is generally considered serious threat to user security, as nobody - including the users themselves and adminstrators - should be able to look up at.
Unencrypted, or symmetrically encrypted passwords are not the way to run a modern website. It imposes unneccesary threat to a user as people tend to share their password between different websites.
Please implement encryption on the password column of user table in your database. Password retrieval could be, perhaps should be, replaced by 'password reset' functionality. I love CH and I want it secure. Nobody would like to see mistakes like Adobe has made before repeated.
* Up to 400 new and updated trainers monthly
* Manage and update trainers through one app
* Request which games get new trainers
* Priority support with any problem