Need help? Check out our Support site, then


WordPress.com Forums » Ideas

Stop Emailing Unencrypted Passwords

  1. charlierestivo
    Member

    I was very surprised when I signed up for a new account, setup a username and password, and then received an email from WordPress with my username and password in plain text.

    This is highly unsecure! Firstly, no one should ever email a password that is not temporary. Secondly, this means WordPress stores unencrypted passwords in their database. If anyone ever accessed these passwords they would be in plain sight. Passwords should always be stored using some sort of encryption or hash algorithm.

    As a new user I am very disappointed from a security standpoint and now I am unsure if I will ever continue using these services.

    Please consider changing this. Many people use the same password and usernames for many sites and if you store it and email it in plain sight you could be giving it away unknowingly. If someone forgets their password you should never email them their password, instead you should assign them a new temporary password and suggest that the user changes it as soon as they reactivate their account or login.

    I hope WordPress takes security more seriously.

  2. devblog
    Member

    Secondly, this means WordPress stores unencrypted passwords in their database.

    How 'sure' are you of this?

    Just because you received and email with your password unencrypted doesn't mean they store passwords like that as well. Since they're concerned about security, I'm sure they do hash the passwords before they store them in the DB.

    If you wonder how could they send a 'hashed' password in your confirmation email, consider a temporary variable which will be used to send you that info. The value of the variable is then destroyed after sending the email.

    If someone for some reason intercepts the text of the emial, and tries to change your blog password, they would need to have access to your email account as well to confirm such change, otherwise they won't be able to.

  3. mark
    Staff

    Secondly, this means WordPress stores unencrypted passwords in their database.
    Wrong. They are encrypted.

  4. thesacredpath
    Member

    A large amount of sites I have signed up for (including online banking with my bank) send your username and password unencrypted in an email to you after signing up. The first thing I do after that is to log in and change my password. This practice is far more widespread than one would believe.

    Always change passwords immediately that have been sent back to you in an email.

  5. tellyworth
    Staff

    Charlie: I'd be happy to email you an encrypted password, but I don't know what you'd do with it. We have to send people unencrypted passwords so they can read them.

    Mark is correct, passwords are never stored unencrypted at WordPress.com. This is why we have a password reset for lost passwords, rather than password recovery: we have no way of knowing what your password is.

    It's always a good idea to change your password immediately after signing up at any web service, WordPress.com included.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags