Author | Comment | |
---|---|---|
1. 19 Dec 2019 02:12 | ||
Hey... it's been several years since I last mentioned this.. you guys still don't offer a way to change your password, and if I click "Forgot my password" you just email it to me in plain text... meaning you either store it on your database in plain text, or you store it along with the decryption key. |
||
2. 21 Dec 2019 07:09 | ||
Hey TD, got to admit, sending back a password in clear text is far from keeping it secure. If the mail account was hacked in or even just the network connection is being traced by a third party, then the TD account will be compromised as well. Having a way to reset the password after identity verification (answer to questions or code sent to phone/mail) sounds like a better option. |