This thread is frustrating. Everyone seems more interested in nitpicking the specifics of what OP is saying and are ignoring that a forum sends you your password (not an automatically generated one) in an email on registration.
Larian stated on their forum they fixed this behavior and shifted to https 3 years ago. When this was linked several times in thread, people asked OP when this screenshot occured, and OP ignored the questions. Pretty clear that this is a very old screenshot of what is now a non issue.
What’s to discuss besides OP trying to stir up drama about issues that were resolved years ago?
FWIW, it’s not fixed. The screen shot may very well be recent.
(The post in question was still bad reporting, though, for the reasons I detailed in my other comment here.)
It’s still an interesting case to discuss and learn about. We don’t ignore and forget about ww2, just because it’s over, do we?!
It’s disingenuous to pass off ww2 as a current event though.
I think the OP of that post would have had a better reception if they had:
- Responsibly disclosed what they found, rather than using it to stir up drama on social media.
- Mentioned that it’s just a web forum account, not connected to game accounts or anything else of value.
- Targeted the software vendor (https://www.ubbcentral.com/) instead of picking on one particular customer who used that software.
- Refrained from spreading misconceptions and unfounded assumptions about how the technology works.
- Responded to the reasonable follow-up questions, such as those that came when readers discovered that the problem was reported fixed three years ago.
People in that thread responded with skepticism and criticism to an irresponsible, misdirected, misleading, alarmist mess of a post. That’s hardly surprising.
Just wow, yeah. Nothing should ever send you a password in cleartext - once that’s been done, a MITM attack’s success rate just went to 100%.
It’s painless to use password resets if the person forgot the password. Never, ever should a password be in cleartext.
hunter2
MITM attack’s success rate just went to 100%
No, it didn’t. It’s stupid and shouldn’t be done, but all ham nowadays is encrypted.
I know that because I’ve been running my email server for some years now, technically breaking one of the RFCs for not allowing unencrypted connections. Zero email has been missed.
OP of that thread was talking about how (they think) the password was stored in plain text instead of this “tree” you’re talking about. The discussion on that was not a nitpick.
The forest is bad practice with passwords, since you get an email of your password after setting it.
The tree is OP not knowing how to describe why it’s bad and saying the wrong reason why.
I mean, there were a lot of forests in that thread. Like how it was an old screenshot and they don’t do those emails anymore. Or you shouldn’t re-use passwords anyways. I don’t blame people for missing 1 or 2 forests.
Everyone seems more interested in nitpicking
Actually, not everyone in that thread is nitpicking. There’s one comment that’s just a helpful hint.
But yes, nitpicking is fun. I’ll see myself out.
No, I’ll allow it, this is a good post. Not even being sarcastic, did me a grin haha
Uh, I seem to recall this happening when I made a Larian account. What happens is you give them your email, they make your account, and email you a temporary password. The temp password is shown in plaintext, as the email shows. Once I saw the email, I logged in to finalize my account and change my password to something secure. It’s not the most modern process, but I wasn’t really that concerned either.
OP misspoke, lied, or it was different when you joined then.
This was just recently since BG3 came out. Since I first saw this drama I was pretty sure OP was misrepresenting the situation.
