How securely do they store user passwords & how good are they at letting us know?
@PasswordStorage • Rating guide
All sites
Full algorithm: MD5(HMAC-MD5(MD5(password)))
MD5(HMAC-MD5(MD5(password)))
Disclosures:
Inappropriate function used to hash passwords but passwords are salted, at least.
Recommended change: Start using “slow” hashes, don't forget to re-hash existing passwords, publish hashing info visibly, then let me know.