Good to know. I hadn’t actually bothered to check; I just used a unique password and email address as a matter of course—but I’m glad anyhow. Of course, that doesn’t guarantee they’re storing the password verifier, but I certainly could go read the source myself and find out.
Of course, if I was actually concerned about the security of my account here, I wouldn’t use the site at all because it’s only available unencrypted. Given how easy and cheap (even free) it is to enable TLS these days, I’m honestly surprised this site not only defaults to plaintext but doesn’t support encryption at all. Intercepting network traffic is easy (promiscuous mode on open WiFi, run your own hotspot with an expected SSID, ARP spoofing, etc.)