12 posts
  • 7 Years of Membership
  • Australia
  • Collector Level 3
rochow
says

How does this work? Aren’t the passwords encrypted?

3197 posts
  • Affiliate Level 7
  • Author Level 5
  • Collector Level 3
  • Feedback Guru
+14 more
94
says

Hi rochow, according to the article Why isn’t my chosen password acceptable on the Envato Marketplaces?

When setting or updating a password, you’ll be notified if your choice does not pass our validation, and prompted to create a stronger password. This will occur if your password is:

  • A weak combination of common dictionary words or passwords (e.g. password);
  • A weak permutation of one (p@ssw0rd, password123);
  • A variation on an Envato term, your username or your account details
  • (e.g. themeforest123);
  • Too short or;
  • Otherwise insecure.
12 posts
  • 7 Years of Membership
  • Australia
  • Collector Level 3
rochow
says

It happens every time I login, I haven’t tried to update it.

So my question is more, “is the database actually encrypted or are the passwords being checked”, or is there a saved flag from way back which is causing the prompt.

3197 posts
  • Affiliate Level 7
  • Author Level 5
  • Collector Level 3
  • Feedback Guru
+14 more
94
says

Oh, you mean a warning appears, saying that your current password is weak, every time you log in?

12 posts
  • 7 Years of Membership
  • Australia
  • Collector Level 3
rochow
says

Yep

3197 posts
  • Affiliate Level 7
  • Author Level 5
  • Collector Level 3
  • Feedback Guru
+14 more
94
says

I personally don’t know the technical/security inner workings of the login/prompt itself. My guess is, if your current password falls under one of the listed items above, then, that’s most likely the reason you’re seeing the warning.

If you’d like further technical clarification, you can always contact support, and the appropriate staff will gladly get back to you.

12 posts
  • 7 Years of Membership
  • Australia
  • Collector Level 3
rochow
says

Yep, my question is how is it judged – given that any passwords in a database should be encrypted, so should have no idea what my password is, and therefore can’t figure out if it’s easy, hard, or whatnot.

It seemed to appear from nowhere one day, which is why I’m questioning it.

Like, there are ways to figure it out while having the DB is encrypted, but I want to make sure. You can never be too careful, even big companies screw up the basics. Before I actually do make a hard password, then turns out it’s all plain text :)

3535 posts
  • Power Elite Author
  • Author Level 12
  • Trendsetter
  • United States
+13 more
sevenspark
Moderator
says

[removed just to be cautious]

12 posts
  • 7 Years of Membership
  • Australia
  • Collector Level 3
rochow
says

:)

I didn’t want to say the options in case someone just said “yeah that’s how we do it” even though it wasn’t.

There’s definitely ways to do it, I just want to make sure it is encrypted, before I change it.

Better to be cautious – I’ve already lost credit cards etc from lazy protection. SOOO painful to have to update that info, probably a few dozen things are hooked to it, failed payments all over the place.

3535 posts
  • Power Elite Author
  • Author Level 12
  • Trendsetter
  • United States
+13 more
sevenspark
Moderator
says

Well, none of the mods here will have insight into this, and it doesn’t make sense to discuss publicly I think. With that in mind, I think it’s best to discuss any concerns you have in private with support, as dzinc suggested :)

by
by
by
by
by
by