How we “don’t” store your password
Posted June 21, 2007on:
Some people were concerned about providing their MySpace password to us when using our auto insert software. We DON’T store the MySpace password anywhere on our servers and we only use them to insert or undo your layout. The thing is, if you are a returning user, you can login to our site using your MySpace password to view your layout history. I hear some people saying “Heeey, wait a minute, you say you don’t store our passwords, but how are we still able to login to your site using them if you don’t keep them?”
Well let me explain how and it’s pretty straight forward.
When users enter their password to login to our site, we encrypt their password and match it against the encrypted version of the password that we do store on our servers. We have no ability to unencrypt the password, and as far as we know, neither does anybody else (except maybe NSA!). Thus, this is just to uniquely identify the user to show them their history and link them to their myspace account. So, even if hackers get access to our database, they have no ability to retrieve/decrypt any passwords (and neither do we).
Still don’t believe me? :) OK, here’s a screenshot of how the passwords are encrypted.
It’s a pretty interesting technology and let me tell you something interesting. I have many MySpace demo accounts to showcase some of the example layouts using our editor and I use the same password for all of them :D You would think all the encrypted one would look the same right? WRONG! They all look different so I have no way of retrieving it myself when I get amnesia :)