serprex (Topic starter)

Don't use plaintext passwords https://elementscommunity.org/forum/index.php?topic=52323.msg1109022#msg1109022
« on: November 11, 2013, 10:40:50 pm »
Passwords should be sent as hashes, compared with the hashes on the server (read: your plaintext password shouldn't exist on the server, & your plaintext password should never be transmitted)
Or at least transferred securely (https rather than http)

While I don't have proof of plaintext passwords being stored on the server, I assume so given their transmission

Edit to clarify: I mean passwords for elementsthegame, not the forum

Edit: proof: you can retrieve your password by logging in through kong, which means the server sends your plaintext password to you without receiving it. Which implies it gets it from a db
« Last Edit: January 14, 2014, 09:51:57 pm by serprex »
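
Added example, not part of the original thread and not the game's server code: a sketch contrasting a plaintext row, which is what makes "retrieve my password" possible, with a salted-hash row that can only verify a login attempt. The function names, the PBKDF2 work factor and the sample password are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor for this sketch


def derive(password: str, salt: bytes) -> bytes:
    """Stretch the password with the user's salt into a 32-byte key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def plaintext_record(password: str) -> dict:
    """Storage that allows 'retrieve my password': the secret itself is kept."""
    return {"password": password}


def hashed_record(password: str) -> dict:
    """Storage that keeps only a per-user random salt and the derived key."""
    salt = os.urandom(16)
    return {"salt": salt.hex(), "key": derive(password, salt).hex()}


def verify(record: dict, candidate: str) -> bool:
    """Check a login attempt against a hashed record in constant time."""
    salt = bytes.fromhex(record["salt"])
    return hmac.compare_digest(derive(candidate, salt), bytes.fromhex(record["key"]))


def dump_reveals(record: dict, password: str) -> bool:
    """Would a copy of this database row hand the password to whoever reads it?"""
    return any(password in str(value) for value in record.values())


if __name__ == "__main__":
    pw = "correct horse (constructed sample)"
    weak, strong = plaintext_record(pw), hashed_record(pw)
    print("plaintext row reveals password:", dump_reveals(weak, pw))
    print("hashed row reveals password:   ", dump_reveals(strong, pw))
    print("right password verifies:", verify(strong, pw))
    print("wrong password verifies:", verify(strong, pw + "x"))
    # Same password, different salt: the rows do not match each other.
    print("second row identical:", hashed_record(pw) == strong)
```

Whatever bytes reach the login endpoint are what an eavesdropper can replay, so this storage scheme still depends on the connection being HTTPS.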

TribalTrouble

Re: Don't use plaintext passwords https://elementscommunity.org/forum/index.php?topic=52323.msg1109057#msg1109057
« Reply #1 on: November 12, 2013, 01:38:48 am »
> Passwords should be sent as hashes, compared with the hashes on the server (read: your plaintext password shouldn't exist on the server, & your plaintext password should never be transmitted)
>
> While I don't have proof of plaintext passwords being stored on the server, I assume so given their transmission

Agreed. This is a huge security risk if present. However, I trust that we have wise admins that have made the necessary precautions for the event of a hacker and have included this while doing so.

Thank you for not going into detail on any security risks publicly.

 
