Larion Studios forum stores your passwords in unhashed plaintext. Don’t use a password there that you’ve used anywhere else.

  • Vegasimov@reddthat.com
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    8
    ·
    1 year ago

    When you create an account you type your password in. This gets sent to the server, and then it is hashed and stored

    So there is a period of time where they have your unhashed password

    This is true of every website you have ever made a password on

      • Vegasimov@reddthat.com
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        2
        ·
        1 year ago

        I’ve never even heard of the game studio I’m not defending them, I was replying to the person who said the company should never have your unhashed password, and explaining that they have to at some point in the process

    • dangblingus@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      7
      ·
      1 year ago

      So why would an agent at Larian have man-in-the-middle access between the password being sent to the server, and the auto-hash?