BASED VIRGIN

>tfw it's real

I thought only small companies still did that shit, Jesus christ.

this but unironically, it's fairly trivial to access firearms illegal in the vast majority of countries

what the absolute fuck hahaha
that has to be a joke

Attached: just-say-no.png (500x507, 65K)

Hey we dont know if the support person sending them their password was just w math genius and was able to break aes. Come on now

Boy do I sure love receiving daily emails in my spam folder with my old password in the subject line claiming they have webcam videos of taking care of myself and demanding buttcoins all because I made an account on last.fm fifteen years ago when I was a teenager who thought it was really important to let other people know what music I was listening to at the moment.

Attached: sweden.jpg (790x446, 32K)

Full context

Attached: Plain text.png (637x972, 99K)

Confirmed clown world.
These companies take irresponsibility to a new level.

Was it really their password or the phone pin used to authenticate when you call up the company?

Attached: 1561773728180.jpg (1080x1080, 192K)

>illigal to open your mail
>legal to inspect your digital "mail" packets
21st century is bullshit.

Virgin Media could really just do something along the lines of sending a verification code to the recipient via post which they can use to reset the password. But no that's too much work...

>and the developer just replied to him his password in plain text
like in a private message?

can someone explain to me why I care that a company has my password? Like of course they know it how else can they verify it's me LOL

Bait

They don't have your password, they have a hash of your password hopefully. Even couldn't figure out what your password is if they aren't crooks who just stole your data.

This boomer logic is why faxes are still a thing.
Please ban this shit.

I'll bite. Passwords are supposed to be stored in hashes, preferably in HMAC, meaning even if hashes leak, without master password you cannot even _approach_ brute force. If you have the password, all you can do is brute-force.

>twitter nigger dramas

If a password is stored in a manner that they are able to retrieve it, then an attacker who has compromised their databases is able to retrieve it as well. The proper solution for storing passwords is to use a one way hashing function with a randomly generated "salt" to guarantee that no two people with the same password will necessarily have the same hash.

So to clarify, we have a globally used hashing function H. For each user in the database, we store a hash h, and salt s. When a user sends a password p, we compute H(p+s), and validate that user if the result is equal to h. A proper function H should be designed that it will take an extraordinarily long time to compute p from h and s. An example of such a function is Scrypt (pronounced "ess-crypt"), which is designed to use as much memory as possible while computing the hash such that parallelization (i.e. cracking with a GPU) is less practical.

>preferably in HMAC
HMAC is not suitable for password authentication. Try Scrypt or Bcrypt.

>bcrypt
this user gets it

argon2, please

use Scrypt if possible

While I would not say Bcrypt is a *bad* choice, Scrypt was designed specifically to deal with some of its faults. If you want to stop an attacker with a butt ton of compute cores, Scrypt has your back.

Also an acceptable choice, though it is a bit new, and may not be preferred by certain companies that want something more mature.

underrated

LMAO, this thread is laughs

Attached: 1.png (427x623, 630K)