|
I sent an e-mail to them expressing my displeasure about the password thing. They replied with a link to a forum on their site discussing the matter. Their tech posted in that forum that they do not store the password in plain text in their database. It is encrypted, along with the social security numbers and taxpayer ID numbers, in a manner that allows it to be decrypted, which is how they are able to e-mail it to you when requested.
He claimed they are working on a one-way hash method for passwords so that it cannot be decrypted, but the SSN and TINs must remain in the encrypted format so they can be used in reports, etc.
|