Two quick questions:

1) Are you storing passwords in plain-text in your database? When I signed up you sent me an activation email containing my password!

2) How do I change my password?

Thanks, - Andrew Davey

andrewdavey about 10 years ago

Hi Andrew,

We store the passwords in a salted hash in our DB - not plain text. The mailing you received contained the password in plain text to serve as a note of record should you forget in the future. Our site doesn't rely on https, therefore all communication between you and Ohloh is relayed as plaintext and not very secure. We don't have the ability to reset your password yet, but if you'd like I could either:

  1. Delete your account so you can recreate it with a different password
  2. Modify your password to either a random one or something of your choosing (mail me at

Sorry if this surprised you in any way,


Jason Allen about 10 years ago

Post a Response