2000+1+2+3+4+5+4

>2000+1+2+3+4+5+4
>getting a recovery password in plaintext
How is this the go-to place for Android development

Attached: Capture+_2019-09-09-13-46-17.png (1440x2712, 292K)

>entering old password is not required to set a new one
it just keeps on giving

Attached: Screenshot 2019-09-09 at 13.45.36.png (282x213, 17K)

Pajeets don't know how security works

Are you retarded? How else would you expect to get the new password other than in plaintext.
And entering old password before setting new one is useful only in two situations:
1) you let someone else access your account, in which case you are idiot and deserve whatever will happen to it
2) the site is vulnerable to xss/csrf/clickjacking - if this is prevented (which is not that difficult if the site is designed with this on your mind), it's not necessary.

Yes, you and are indeed pajeets.

It's more likely than you think! plaintextoffenders.com/

>having an account on X-sjw-DA
I once told in comment that notches are for people who like to watch their wives have sex with big african men and they permabanned me.

not for trolling but for racism
lmfao

>Are you retarded? How else would you expect to get the new password other than in plaintext.
you redirect the user to a page where he enters a new password, retard

That's another possibility, but there is nothing wrong with the first approach. They were probably too lazy to do this, because it's more complicated (to program it).

password in plaintext
>if someone has access to your email he got muh password, oh noes!
link to set password yourself
>ah, now I'm secure, no pajeet accessing my email can change password
Have sex, retard. Resetting password is high security risk in either way, it's you who must take extra precautions for this, because you, being a retard, forgot your password in the first place.
Kill yourself, insufferable dumb cunt.

>>getting a recovery password in plaintext
This is okay.
>>entering old password is not required to set a new one
This is also okay.

this kind of password reset usually works with an additional layer of security
a phone number, a second recovery email, security questions, etc
for a new password or recovery link to be sent to you you require to confirm the recovery email address or the phone number
this means that having access to one email address does not mean you have access to the account

You are supposed to change it immediately, not use it forever.
What's the fucking difference in sending the password in plaintext or sending the recovery link if someone intercepts your email?

OP uses xda, he's most likely a pajeet himself. Don't expect high IQ posts from OP

What an idiot

I signed up for my school and they emailed me my password just for signing up

it's really not that hard to make an OTK based system

The problem here is it lets anyone reset your password as long as they know your email. Can't get into the account but can forever annoy you with hourly password resets. It should email you a link which expires in 24 that lets you set new password instead.

>it's really not that hard to make an OTK based system
>an over-the-knee based system
it's not hard, but now i am

otp, had damage on my mind

>The problem here is it lets anyone reset your password as long as they know your email.
So long as they can get into your email.
And if they can get into your email then a 24 hour expiry link won't provide any further protection.

No shit. I'm saying right now it's possible for someone to modify your account indefinitely just by knowing your email.

>Half the people here defending sending a password through email.
The absolute state of Jow Forums
Remember when we had Stallman threads and freedom discussion? When people competed on who could make the most complex and unreadable code?
I do but all that is left now are a bunch of consumerists and funny meme threads

Hey but at least you think they are funny!

>t. A retard who forgets his passwords and doesn't have encrypted backups
kys, dumb faggot, it's your own fault for registering on pajeet websites and forgetting passwords.

ikr! I was there too back in a day!
Why these websites don't hide passwords with [spoiler]hashtag[/spoiler]
Pajeets, am I right!?

How is that different from getting a recovery link in plaintext?

Attached: 1567795857970.png (481x554, 121K)

>Having your password saved (in plaintext) in your mailbox is the same as setting one once.
Now, if this temporary password would actually require you to change the password the next login, and would only be valid for 24 hours, then it'd be okay. But some sites don't even require a change after a request like this.

Pikachu pajama is great, but recovery link contains a one-time token which is invalidated after reset.

So...
Still not different
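
The reset-link design several posts above describe (a link that expires after 24 hours and carries a one-time token invalidated after use, with the existing password left alone until the link is redeemed), as an added example that is not part of the original thread. The class and method names are hypothetical and the store is an in-memory stand-in for a database table.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 24 * 3600  # 24-hour expiry, the lifetime suggested in the thread


class ResetTokens:
    """In-memory stand-in for a reset-token table (hypothetical names)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # sha256(token) -> (account, expires_at)

    def issue(self, account):
        """Create a reset token. The account's current password is untouched,
        so a request made by a stranger who only knows the e-mail address
        changes nothing until the link is actually redeemed."""
        # Keep a single outstanding token per account: drop earlier ones.
        self._pending = {h: v for h, v in self._pending.items()
                         if v[0] != account}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._pending[digest] = (account, self._clock() + TOKEN_TTL)
        # The raw token goes into the e-mailed link; only its hash is stored,
        # so a leaked token table cannot be replayed as reset links.
        return token

    def redeem(self, token):
        """Return the account for a valid token and consume it, else None."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self._pending.pop(digest, None)  # pop makes it single use
        if entry is None:
            return None  # unknown, already used, or superseded
        account, expires_at = entry
        if self._clock() > expires_at:
            return None  # expired; already removed by the pop above
        return account  # caller now lets the user choose a new password
```

Unlike an e-mailed password, a copy of the link left sitting in the mailbox is useless once it has been redeemed or the 24 hours have passed.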