sh8email-django
Protect password
Currently sh8 uses the username__password format to set a password. But it is not private, because the email address contains the password. It is absolutely dangerous.
To protect the password, make a scrambled version of the email address like Guerrilla does.
Hmm, I can't see the Guerrilla site since it does not respond.
Anyway, I don't think the [email protected] format is insecure.
We provide the password to the mail sender only, and other people can't see the password.
Moreover, the scrambled email address is very harmful for UX. Let's imagine the use case. If I want to receive an email to apply for a lottery event, then I have to...
- Using scrambled email address
  - Open a new tab and go to sh8.email service.
  - Generate scrambled email address on sh8.email and copy it.
  - Back to previous tab (the event page)
  - Paste to fill the email field.
- Using [email protected] email address
  - Fill the email field.
However, thanks for your opinion! If you have another method to improve our security, feel free to let us know. :heart:
Yes, the email address cannot be revealed in the lottery use case, but how about this: Someone wanted to receive emails anonymously from anyone (like Korean bamboo forests do). The email address should be opened to the public and it contains the password.
How about maintaining the current method (username__password) and making another format to enhance security, like username++scrambledPassword?
However, if we maintain the current "username__password" method, sh8 should warn or block so that username_like__this is not used.
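The ambiguity raised in the comment above, as an added example that is not part of the thread or the sh8email-django code base: it assumes the local part is split on the `__` separator, and the function names `split_candidates`, `classify` and `username_allowed` are hypothetical.

```python
SEPARATOR = "__"  # assumed delimiter, taken from the username__password format in the thread


def split_candidates(local_part):
    """Return every (username, password) pair the local part could be read as."""
    pairs, start = [], 0
    while (i := local_part.find(SEPARATOR, start)) != -1:
        pairs.append((local_part[:i], local_part[i + len(SEPARATOR):]))
        start = i + 1  # step by one so overlapping separators ("___") are seen
    return pairs


def classify(local_part):
    """Classify a local part as open, protected, or rejected (ambiguous/malformed)."""
    if SEPARATOR not in local_part:
        return ("open", local_part, None)
    pairs = [(u, p) for u, p in split_candidates(local_part) if u and p]
    if len(pairs) == 1:
        return ("protected",) + pairs[0]
    return ("rejected", None, None)


def username_allowed(username):
    """Usernames that cannot produce an ambiguous username__password address."""
    return bool(username) and SEPARATOR not in username and not username.endswith("_")


if __name__ == "__main__":
    # Constructed sample local parts, not taken from real traffic.
    samples = ["alice", "alice__s3cret", "username_like__this",
               "username_like__this__pw", "a___b"]
    for sample in samples:
        print(f"{sample!r:28} -> {classify(sample)}")
```

Parsing alone cannot catch `username_like__this`: it is read as mailbox `username_like` with password `this`, so only a rule on the username itself (here `username_allowed`) or a warning in the UI covers that case.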
@getogrand, I did talk with @Kjwon15 in another place.
We didn't consider that feature.
Because we are following the simple way now.
But I think we could solve this issue by UX.
I can't develop this feature right now (we have some issues with human resources... T.T). And thanks again, Kjwon15, for leaving the issue :D