

TigerDirect.com stores passwords in a retrievable format - berdon

Your Password...<p>Dear XXXXXX,<p>Your Email Login Is: XXXXXX 
Your TigerDirect Password Is: XXXXXX<p>To change your password click on the following link and log in: https://www.tigerdirect.com/secure/OrderLogin.asp?PG=1<p>Should you have any questions click here to visit our Customer Cervice center.<p>Great Deals Below...
Samsung Galaxy Tab 2 10.1" Tablet, Dual Webcams, WiFi<p>$399.99		Viewsonic 7" Digital Photo Frame w/ SD Card Slot<p>$29.99		Linksys Wireless-N Home Router, Recertified<p>$18.99		Presto! Pagemanager 9 Professional<p>$65.99<p>Search over 100,000 Products in Stock...
Refer-A-Friend			
Deal Alerts via<p>TigerDirect.com is not responsible for typographical errors or omissions. This email was sent to XXXXXX in response to Order # .<p>Note that TigerDirect.com never sells, rents, or shares your email address. For more information, please review the TigerDirect.com Privacy Policy at: http://www.tigerdirect.com/sectors/aboutus/privacy.asp<p>Call Center Hours of Operation: Mon - Fri: 7am til 1am ET and Sat - Sun: 8am til Midnight ET<p>For Merchandise Returns: c/o TigerDirect Warehouse - 175 Ambassador Drive, Naperville, IL 60540<p>Copyright © 2012 - TigerDirect, Inc. 7795 West Flagler Street, Suite 35, Miami, FL 33144 (Corporate Headquarters: No Returns Accepted)
LEGAL NOTICES| PRIVACY POLICY
======
slantyyz
Or, they could be storing encrypted passwords as opposed to hashed passwords?

~~~
stephengillie
Either way, there should be no way they can retrieve your password to send it
to you.

I'm not a security expert, but I've seen HN posts where others describe this.

~~~
slantyyz
>> Either way, there should be no way they can retrieve your password to send
it to you.

I don't disagree with that, but the headline leads one to a particular
conclusion despite the set of facts that the OP provided.

~~~
berdon
Fixed :)

