How does this work? Aren’t the passwords encrypted?
Hi rochow, according to the article Why isn’t my chosen password acceptable on the Envato Marketplaces?
When setting or updating a password, you’ll be notified if your choice does not pass our validation, and prompted to create a stronger password. This will occur if your password is:
- A weak combination of common dictionary words or passwords (e.g. password);
- A weak permutation of one (p@ssw0rd, password123);
- A variation on an Envato term, your username or your account details
- (e.g. themeforest123);
- Too short or;
- Otherwise insecure.
It happens every time I login, I haven’t tried to update it.
So my question is more, “is the database actually encrypted or are the passwords being checked”, or is there a saved flag from way back which is causing the prompt.
Oh, you mean a warning appears, saying that your current password is weak, every time you log in?
I personally don’t know the technical/security inner workings of the login/prompt itself. My guess is, if your current password falls under one of the listed items above, then, that’s most likely the reason you’re seeing the warning.
If you’d like further technical clarification, you can always contact support, and the appropriate staff will gladly get back to you.
Yep, my question is how is it judged – given that any passwords in a database should be encrypted, so should have no idea what my password is, and therefore can’t figure out if it’s easy, hard, or whatnot.
It seemed to appear from nowhere one day, which is why I’m questioning it.
Like, there are ways to figure it out while having the DB is encrypted, but I want to make sure. You can never be too careful, even big companies screw up the basics. Before I actually do make a hard password, then turns out it’s all plain text
I didn’t want to say the options in case someone just said “yeah that’s how we do it” even though it wasn’t.
There’s definitely ways to do it, I just want to make sure it is encrypted, before I change it.
Better to be cautious – I’ve already lost credit cards etc from lazy protection. SOOO painful to have to update that info, probably a few dozen things are hooked to it, failed payments all over the place.