We're not storing our gold bars here.

I agree that it's not security best practice to store passwords in plain text and send them through email, but I think it's perfectly acceptable for an Internet forum to do so. If my bank was doing it, I'd take my business elsewhere without blinking.

I'm  going to have to jump on board with Ziggy on this one.  When you're putting together a security plan, one of the first things you do is determine how critical what you're protecting is, and the risk/reward involved in protecting it.

If the information we store here won't ruin our careers, reputations, or financial lives, then I don't need strong encryption and elaborate retrieval processes.

Well I suppose we should all be using different passwords for each account anyway to begin with

^ ++1

i agree it was better to write the password in other way not plain text. But its not insecure as long as u protect ur mail by changing ur password from time to time and avoiding key loggers (using a good av. However all AVs are sucks ) and many of other methods. But if ur email is not protected then an attacker can reset ur password using it (without knowing the plain text pass if u didnt choose security question)

CyberSprite

Agreed.  The real question is, with Don's limited time, what is the level of importance. Between trying to make sure that the site stays up and dealing with getting contest rewards, publishing articles, deleting spam, updating the site, and everything else, what would it be best if it slipped so that some serious time could be spent re-vamping the site to use hashed passwords.

I mean as such, if we're going to do it right, using something simple and salted would be bad, so like SHA1 with a salt would be less optimal than something more sophisticated than that with time built into cracking passwords as well as generating them such as bcrypt.

There's tons of other things that should probably be done, ensure that the linkages between the two systems are using SSL for instance.  With that said, I think that if this is important to people, that they write up a synopsis of things that they think should be done to improve the security of the site, research what it would take, and propose doing a project with Don to get it done.

In the end, good resume builder, Don will owe you one, and people who help out with stuff on the site tend to get rewarded.

Just a thought.

This is not as uncommon as it sounds many sites are storing password in plain text or a non encrypted format.

Last week a really big uk company were found to using plain text protocol. What is really shocking!