I was kind of shocked when I just received my confirmation mail from the shop wh
Question
I was kind of shocked when I just received my confirmation mail from the shop where I just registered myself: they sent my username (which is my email address) and the password I typed in. The password was not partially replaced with *s or similar; it was the naked, blank password I picked.
This does mean people who can check the emails the shop sends could theoretically see my login data, does it not? I believe this is the first time I have received a confirmation with my full login information, so this seems really weird and somehow concerns me. Should it?
From the fact that I received my password by email, I am guessing that the shop does not encrypt my password. Is this a valid inference?
Explanation / Answer
Sending you the password in plain text does not necessarily mean the database stores it in plain text, especially if they sent you the email before encrypting and storing the password. However, if you ask for the password later on (e.g. through a "forgot password" mechanism) and they do send it to you like this, it implies that they are either storing it in plain text or using an easily reversible encryption. In either case, there is reason to be concerned unless they only send you the password on registration and before storing it on their server in encrypted format.
In particular:
If they have a "forgot my password" link that sends you the password you had previously set up, then yes, there is reason to be concerned: they are storing the password in plaintext or using reversible encryption.
If they send you a new password, then it doesn't necessarily mean they are storing the password in plaintext or using reversible encryption. In that case, you don't have enough information to know whether there is cause for concern.
A separate issue is that, in any case, email is not a safe medium for sending passwords. Thus, even if they aren't storing the password in plaintext, if they are sending it to you by email in plaintext, that does pose some risk.
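As an added illustration of the answer's point (constructed demo code, not code from the shop or from the original post): two password stores, each with a "forgot my password" flow. The reversible one can mail the original password back, which is exactly what such a mail reveals about the backend; the salted-hash one cannot recover the old password and can only issue a fresh, single-use reset token.

```python
import hashlib, hmac, secrets

# Constructed demo, not the shop's code. Both stores register users; only one
# can hand the original password back to a "forgot my password" mail.

class ReversibleStore:
    """Keyed-XOR stand-in for 'encrypted' storage: DB dump + key = every password."""
    def __init__(self):
        self.key = secrets.token_bytes(32)
        self.users = {}

    def _xor(self, data: bytes) -> bytes:
        return bytes(b ^ self.key[i % len(self.key)] for i, b in enumerate(data))

    def register(self, email: str, password: str) -> None:
        self.users[email] = self._xor(password.encode())

    def forgot_password(self, email: str) -> str:
        return self._xor(self.users[email]).decode()  # the ORIGINAL password

class HashedStore:
    """Salted PBKDF2-HMAC-SHA256: the stored value cannot be turned back into the password."""
    ITERATIONS = 600_000

    def __init__(self):
        self.users = {}         # email -> (salt, hash)
        self.reset_tokens = {}  # email -> single-use reset token

    def _hash(self, password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.ITERATIONS)

    def register(self, email: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[email] = (salt, self._hash(password, salt))

    def verify(self, email: str, password: str) -> bool:
        salt, stored = self.users[email]
        return hmac.compare_digest(stored, self._hash(password, salt))

    def forgot_password(self, email: str) -> str:
        token = secrets.token_urlsafe(32)  # fresh, unguessable, one-time
        self.reset_tokens[email] = token
        return token  # the mail carries this token in a link, never a password

    def reset_password(self, email: str, token: str, new_password: str) -> bool:
        expected = self.reset_tokens.get(email)
        if expected is None or not hmac.compare_digest(expected.encode(), token.encode()):
            return False
        del self.reset_tokens[email]  # single use
        self.register(email, new_password)
        return True
```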