Quote from: Don Boyer on September 24, 2014, 02:50:21 AM

Quote from: doubledouble on September 23, 2014, 08:42:12 PM

sent a message through their site, but figured I'd also post here to let other people know. Just signed up for an account on TBC's website and placed an order, but I received a welcome email WITH MY PASSWORD IN PLAINTEXT. This is really bad. Like really really bad. A website that has poeple inputting their CC and personal info should never be sending out passwords in plain text. Please fix this or your site's reputation will suffer.

If I'm not mistaken, you can also use PayPal to make payments.  No, it's not good to send unprotected passwords, but at least you have payment alternatives that are secure independent of the site.

There is no problem at all with the store side of the website. I've ordered two or three times from The Blue Crown website this month alone haha. There's nothing a miss with the paying side at all. Just wanted to post to make it clear, the pay side of the site works like every other one out there. Secure sale and clean emails. The Blue Crown also has prompt shipping and above average packing. I've yet to receive any damaged product. Good stuff all around.

The password thing, different ball of wax entirely. I just delete those types of emails as soon as I receive them so, didn't really bother me too much. Only happens once upon signing up and it's sent to you during confirmation really didn't go out of my way to pound the delete button. I can certainly see how it could concern someone though.

I figure that this should be my first official post, since people should know this. Fes, if you already know this, my apologies. This info might be useful for others who are wondering "What's the big deal?" though.

Here's some relative links on the errors and dangers of storing/sending passwords as plain text.
http://security.stackexchange.com/questions/17979/is-sending-password-to-user-email-secure
http://security.stackexchange.com/questions/160/what-type-of-content-better-not-to-transfer-by-email?rq=1
https://stormpath.com/blog/why-you-might-want-to-store-your-passwords-in-plain-text/

It's not about what you do with the plain-text password - it's what others can do with it.

The usual way to store a password is to put it through an algorithm to produce a string that is not your password. For example, your password is "12345". You put it through the algorithm (e.g. hash function) to produce "abcde" instead. This way, it slows any hacker down because they still need to reverse-engineer the algorithm in order to get to your original password.

There have been several password leakages in history, like Yahoo, Facebook, Gmail, etc. The 3 mentioned companies most likely store their passwords using an algorithm/hash method to make it harder for people to steal & translate. If people were able to steal non-plain-text passwords from major companies, think about how easy Blue Crown is making it for them?

Here's a link on hashing passwords: http://security.blogoverflow.com/2011/11/why-passwords-should-be-hashed/

EDIT:
From that last link:
"A drawback of password hashing is that since you do not store the passwords themselves (but only a piece of data which is sufficient to verify a password without being able to recover it), you cannot send back their passwords to users who have forgotten them."

If Blue Crown is sending you your password in plain-text, then there could be these 2 possibilities: either their hash algo is 2-way, or they literally store their password in plain-text. 

If anyone with more technical experience than I (QA guy who majored in Computing Science) would like to add or correct me, please do!

Hello! My name is Arthur and I've been collecting playing cards since October 2013. My girlfriend was the one who started me on this hobby when she got me the White Ghost deck for my birthday in August. But I really got hooked in while I was looking for some Zombie decks to go along with a zombie RPG campaign my friends had put together. My search led me to Kickstarter, which introduced me to a plethora of custom playing cards. Since then, my wallet's gotten considerably smaller, while my collection's gotten a little bigger (I hope to post a collection picture in the collection thread soon...)

I've also started learning magic tricks since a month ago! Cardistry proved too difficult for my small hands (this is a common excuse but in my case, it is definitely true). I have played violin so my hands are dexterous than most, but a lot of the cuts (like the 1-handed shuffle & Conor O'Kane's Snowglobe) require too much palm-space for me.

I hope to learn lots about playing cards, the industry, magic, everything here! I've lurked around the forum a lot, and I've come to the conclusion that many of you are quite nice and friendly So it was high time that I've stopped being a lurker (for the most part). Here's to us getting along, denizens of Aethercards Thanks for reading.

Cheers,
Arthur