A one-time password is usually generated and emailed, then hashed and stored, so... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		smackfu on Jan 31, 2012 \| parent \| context \| favorite \| on: 37Signals benchmarks uptime vs five leading webapp... A one-time password is usually generated and emailed, then hashed and stored, so not generally stored in plaintext.

skrish on Feb 1, 2012 [–]

It is called a one time password for a reason. Since it has been sent out via some medium in plain text, it is a good practice to force change password on next login.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact