I'm wondering if admins at this site can see our password. I'm wondering because I will generally use the same or similar password across many sites. That's not the case here but I was thinking that if I, for example, had used my gmail account to register and then used the same password here, if someone could view that, they could log into my google account. I keep a significant amount of financial data in my google docs and someone could very likely access numerous accounts of mine if they had that info.

How likely is it that internet boards and sites in general could view our personal information in a similar manner? Everyday it seems like there are so many more cases of personal information being stolen. Hell, I think Kate Middleton was in the news the other day for her bank account being hacked.

*note to self, figure out Wookie's information*

too late, it's already been eaten by mb

It's something that's typically a concern of mine, I know some sites have it setup so no-one can view them, but really it's up to the creators of the sites/the maker of the program the site uses. I tend to have different categories of passwords. Ones like my bank, ebay, paypal have long complex and unique passwords, other sites I tend to share passwords between, depending on how often I think I'll visit it and how high a security I want on it.
Interestingly enough massassi is my least secure password, because back in the day I wasn't sure how long I would spend here, after all I only signed up to post on one thread (up till then I was strictly a chat dweller)

Unless CM has some super-secret admin powers that I don't, no, we can't:



Any site worth half a damn won't store your password in such a way that it can be (easily) retrieved, anyway. It's typical to salt the password with some kind of keyword and encrypt it. When you log in, the same process is applied to the password you type in, so all comparisons that are made are done solely by comparing two encryption values. Thus, the only times your password is seen is when you register or when you log in and, even then, only by the system you're registering with or logging into.

[ Edit: I'm a big fan of OpenID, myself, since it puts the burden of securely managing your login credentials in the hands of people who might have a clue, e.g. Google or Yahoo, and alleviates developers of sites from the burden of having to securely manage your passwords. ]

Passwords stored at MOST places are hashed and thus cannot be read by anyone including the people who run it. VB here hashes and salts all passwords.

That said, if this is even remotely a concern for you, you need to use different passwords. There's no reason an admin couldn't catch your passwords when you register or login before it goes to the DB. So use different passwords.

If you have any doubt, then definitely use different passwords. Even with passwords being hashed and salts used, that doesn't mean it's impossible for someone to be able to crack it. Some of these hashing methods that are used can be cracked in just minutes or seconds without a salt.

You know wookie, if you would just use lifelock you wouldn't need to worry!

Massassi isn't run by sony, no worries.

Any site admin or content owner doesn't need to know your password, but there are plenty of ways to get it. As mentioned above it can be re-captured anytime you log in, the entire site and database can be cloned and stored to cracked later, logins can be bypassed entirely, or maybe the site doesn't use a one-way hash (something simple like base64 encoding).

Besides, using the same password everywhere is just plain stupid.