Plaintext password
Hi,
I just created a forum account to ask about a different question, but I was horrified to see that you emailed me my password in plaintext for all the world to see!
Do you store plaintext passwords, too?
Storing or emailing plaintext passwords is horrendous from a security standpoint. I’d suggest reevaluating your practices surrounding account security.
http://www.codinghorror.com/blog/2007/09/youre-...
Thanks,
Dave
Thanks, Dave. Your Harvest account password is encrypted using the latest standards: http://www.getharvest.com/features/security-pri.... Harvest personnel don’t even have access to customer passwords.
Thanks for the reply, Scott. That’s reassuring to hear that our passwords are not stored in plaintext.
Does this mean you’re going to cease the practice of emailing new account passwords in plaintext, then?
It’s been a while, so I could be wrong, but aren’t initial passwords changed as soon as you log in the first time?
Not for me. This was just for the forum account that I’m using to post this comment, though. It’s been too long since I created my main Harvest account for me to remember what happens there.
The email I received had the following contents:
Your Harvest Forum account has been created.
Username: dmillz
Password: <holy crap that’s my password>
Visit this url to activate your account!
Harvest forum passwords are handled separately from Harvest app passwords. Forum passwords are plaintext and emailed as such. However, Harvest app passwords are encrypted and not stored as plain text. I hope that helps!
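Added example, not part of the thread and not Harvest's code: a signup flow that avoids both problems raised above by storing only a salted PBKDF2 hash and emailing a single-use activation token instead of the password. The in-memory `USERS` store, the `forum.example.invalid` URL, the iteration count and the token lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

ITERATIONS = 600_000      # assumed PBKDF2 work factor; tune for your hardware
TOKEN_TTL = 24 * 3600     # assumed activation-link lifetime, in seconds
USERS = {}                # hypothetical stand-in for a database table

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def register(username, password, now=None):
    """Store a salted hash only; the returned email body never contains the password."""
    now = time.time() if now is None else now
    salt = secrets.token_bytes(16)
    token = secrets.token_urlsafe(32)
    USERS[username] = {
        "salt": salt,
        "pw_hash": hash_password(password, salt),
        # Keep only a digest of the token so a database leak cannot activate accounts.
        "token_hash": hashlib.sha256(token.encode()).digest(),
        "token_expires": now + TOKEN_TTL,
        "active": False,
    }
    body = ("Your forum account has been created.\n"
            f"Username: {username}\n"
            f"Activate: https://forum.example.invalid/activate?u={username}&t={token}\n")
    return body, token

def activate(username, token, now=None):
    now = time.time() if now is None else now
    user = USERS.get(username)
    if user is None or user["token_hash"] is None or now > user["token_expires"]:
        return False
    presented = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(presented, user["token_hash"]):
        return False
    user["active"], user["token_hash"] = True, None   # token is single use
    return True

def verify_password(username, password):
    user = USERS.get(username)
    if user is None or not user["active"]:
        return False
    candidate = hash_password(password, user["salt"])
    return hmac.compare_digest(candidate, user["pw_hash"])
```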