I remember hearing before that it’s a sign they are storing your info unencrypted but I never checked.
Is this true? I was logging into a .gov website and noticed it does that.
I remember hearing before that it’s a sign they are storing your info unencrypted but I never checked.
Is this true? I was logging into a .gov website and noticed it does that.
This is the way.
If you’re going to encrypt the email, you need to be careful about how you use and store the key. Doing any operation with the email will be a lot more expensive, and you’ll lose the benefits if an attacker that can access the db also has access to the key.
I personally don’t think it’s worth it and would prefer to spend more time hardening the app, especially if the email is displayed on the site (i.e. it gets decrypted frequently).
It probably makes sense when there’s sensitive data (bank, medical care, etc), but for most things it’s overkill.