12 posts
    Has been part of the Envato Community for over 6 years Has collected 50+ items on Envato Market
rochow says

How does this work? Aren’t the passwords encrypted?

3197 posts
    Has referred 1000+ members Has sold $10,000+ on Envato Market Has collected 50+ items on Envato Market Attended one of our Meetups around the world
+10 more
ThomGeskin says

Hi rochow, according to the article Why isn’t my chosen password acceptable on the Envato Marketplaces?

When setting or updating a password, you’ll be notified if your choice does not pass our validation, and prompted to create a stronger password. This will occur if your password is:

  • A weak combination of common dictionary words or passwords (e.g. password);
  • A weak permutation of one (p@ssw0rd, password123);
  • A variation on an Envato term, your username or your account details
  • (e.g. themeforest123);
  • Too short or;
  • Otherwise insecure.
12 posts
    Has been part of the Envato Community for over 6 years Has collected 50+ items on Envato Market
rochow says

It happens every time I login, I haven’t tried to update it.

So my question is more, “is the database actually encrypted or are the passwords being checked”, or is there a saved flag from way back which is causing the prompt.

3197 posts
    Has referred 1000+ members Has sold $10,000+ on Envato Market Has collected 50+ items on Envato Market Attended one of our Meetups around the world
+10 more
ThomGeskin says

Oh, you mean a warning appears, saying that your current password is weak, every time you log in?

12 posts
    Has been part of the Envato Community for over 6 years Has collected 50+ items on Envato Market
rochow says

Yep

3197 posts
    Has referred 1000+ members Has sold $10,000+ on Envato Market Has collected 50+ items on Envato Market Attended one of our Meetups around the world
+10 more
ThomGeskin says

I personally don’t know the technical/security inner workings of the login/prompt itself. My guess is, if your current password falls under one of the listed items above, then, that’s most likely the reason you’re seeing the warning.

If you’d like further technical clarification, you can always contact support, and the appropriate staff will gladly get back to you.

12 posts
    Has been part of the Envato Community for over 6 years Has collected 50+ items on Envato Market
rochow says

Yep, my question is how is it judged – given that any passwords in a database should be encrypted, so should have no idea what my password is, and therefore can’t figure out if it’s easy, hard, or whatnot.

It seemed to appear from nowhere one day, which is why I’m questioning it.

Like, there are ways to figure it out while having the DB is encrypted, but I want to make sure. You can never be too careful, even big companies screw up the basics. Before I actually do make a hard password, then turns out it’s all plain text :)

3430 posts
    Elite Author: Sold more than $75,000 on Envato Market Has sold $500,000+ on Envato Market Located in United States Helps us moderate the forums
+10 more
sevenspark Volunteer moderator says

[removed just to be cautious]

12 posts
    Has been part of the Envato Community for over 6 years Has collected 50+ items on Envato Market
rochow says

:)

I didn’t want to say the options in case someone just said “yeah that’s how we do it” even though it wasn’t.

There’s definitely ways to do it, I just want to make sure it is encrypted, before I change it.

Better to be cautious – I’ve already lost credit cards etc from lazy protection. SOOO painful to have to update that info, probably a few dozen things are hooked to it, failed payments all over the place.

3430 posts
    Elite Author: Sold more than $75,000 on Envato Market Has sold $500,000+ on Envato Market Located in United States Helps us moderate the forums
+10 more
sevenspark Volunteer moderator says

Well, none of the mods here will have insight into this, and it doesn’t make sense to discuss publicly I think. With that in mind, I think it’s best to discuss any concerns you have in private with support, as dzinc suggested :)

by
by
by
by
by
by