Open l00mi opened 8 years ago
lindas-data.ch uses unencrypted HTTP and login works by sending username and password in the clear in the message payload, so passwords stored in the clear seems to be the least of the problems ;)
The problem is that SECO still did not manage to sell a certificate... I will get back to them.
Thanks @martin-voigt, however when I wrote my comment I wasn't quite aware that the problem isn't mainly the unencrypted nature but that the original password is sent to the email address (rather than a fresh password or better a reset link). Depending on the mood of the day I set the password and the situation in which I need to recover it, this could be quite embarrassing.
Please never send any passwords by email. This is simply bad practice.
This further triggers the question if the passwords are saved in plain text somewhere?
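
The alternative raised in this thread, a reset link instead of mailing back the stored password, as an added example that is not code from lindas-data.ch or from any commenter. The names `hash_password`, `verify_password` and `ResetStore`, the 15-minute lifetime and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL = 15 * 60      # assumed token lifetime in seconds
PBKDF2_ROUNDS = 600_000  # assumed work factor


def hash_password(password, salt=None):
    """Return (salt, digest). Only these are stored, never the password."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute the digest and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


class ResetStore:
    """Single-use, expiring reset tokens; only a hash of each token is kept."""

    def __init__(self):
        self._pending = {}  # sha256(token) -> (user, expiry timestamp)

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, now=None):
        """Create a random token; the caller mails it inside a reset link."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._pending[self._key(token)] = (user, now + RESET_TTL)
        return token

    def redeem(self, token, now=None):
        """Return the user for a valid token, or None. A token works once."""
        now = time.time() if now is None else now
        entry = self._pending.pop(self._key(token), None)
        if entry is None or now > entry[1]:
            return None
        return entry[0]
```

With only a salt and digest on file there is no original password to mail out, and a leaked mailbox yields at most a token that has expired or already been used.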