Why is the Password Answer stored in plain text
I have noticed that the Sitefinity Membership provider is storing the password answer in plain text. IMHO that is just as storing the password itself in plain text. Can this somehow be changed. I don't want to go into the hassle of creating my own membership provider.
I think no one should know the password besides the user and that goes for the password answer as well. I am not a security expert but in every asp.net tutorial for writing membership providers the answer is encrypted/hashed as well.
Any comment?
Hello,
Currently Sitefinity does not support this functionality out of the box. We find this a reasonable suggestion so I have logged it in our system as a feature request. You can follow its progress and vote to increase its popularity here.
Regards,