Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ

This forum is silly.

Freewheeling spot to chew the fat on anything cryptostorm-related that doesn't fit elsewhere (i.e. support, howto, &c.). Criticism & praise & brainstorming & requests for explanation... this is where it goes when it's hot & ready for action! :-)

Topic Author
frankfooter
Posts: 4
Joined: Sun May 07, 2017 5:29 am

This forum is silly.

Postby frankfooter » Sun May 07, 2017 5:33 am

Silly you say? Why yes, yes indeed. In fact, it is so silly that it sends, via unencrypted email (kind of like a post card) a password reset link AND a password when you click on the "I forgot my password" link. So this forum is silly because it doesn't take it's database security seriously.

User avatar

df
Site Admin
Posts: 283
Joined: Thu Jan 01, 1970 5:00 am

Re: This forum is silly.

Postby df » Mon Sep 18, 2017 4:13 pm

Password reset emails don't contain your password.
Those are encrypted in the database, so that would be impossible to do.

The password you're referring to that is included in the reset email is a temporary one that's randomly generated.
If interception is a concern, any time you reset your password it should obviously be changed immediately.


Return to “general chat, suggestions, industry news”

Who is online

Users browsing this forum: Bing [Bot], Boorbun21 and 12 guests

Login