First of all, i created an account here because im looking for playstation 1 cover packs. Said that, im notice that i received an e-mail with my login and my PASSWORD!!! Which that means the site must have a data base with the passwords of all users, which is an extremely serious security flaw! A good site use encryption to not know the passwords of their users, which seems not to be the case this forum. I suggest you change this system.
Theres a good article about this that im posting here, please read.
"Here are two issues we have with being mailed a password:
Email is not a safe medium. Man in the middle attacks are easy to pull off between server. The communication protocol in itself is not encrypted.
If someone were to hack into any mail account, all they need to do is search for ‘password’ and they have all of the user’s passwords. (Editor’s Note: you don’t have to have someone hack your account - just imagine how many people forget their email accounts logged in on public computers)
The fact that you send the initial password in plain text doesn’t mean you store it, but as you can see from the site, many people use the ‘forgot password’ option on sites and get their password sent back to them - a clear indication that the password is stored in plain text (or using reversible encryption, which is pretty much the same).
All in all - it’s not a safe thing to do and an indicator of low security standards. We use emailed passwords as proof of that."
Thanks for your post.
Unfortunately because this forum is currently running on a basic package from the provider, that is something I cannot change myself as Admin. And if I did upgrade the forum to the most expensive package, which I currently cannot afford to do, I am not sure if this will get rid of the password issue or not.
It is down to the hosts and them making this board hold the passwords and I cannot control that.
As Admin, I have logged into the control panel and I cannot see anybodies passwords.