Ask HN: Does Namecheap store passwords in clear text?

2 points

15 years ago

a few weeks ago I had problems accessing some features on namecheap.com, so I turned to their online support. After failing to resolve the issue, the support guy suggested doing what I needed for me.

To do that he said he needed the first 3 characters of my password. I asked if he were able to see my password, and he replied that he couldn't, and that he would feed those characters to a system that would conduct a check.

His answer wasn't really convincing, but as I needed these things done quickly (and the password was unique to that account), I played along, and since forgot all about it.

I would like to know, is there any way they're not storing passwords as clear text?

EDIT: he asked for the first 3 chars but actually claimed that any 3 would do. It makes sense (as suggested below), that they store hash of the first 3, and that he just didn't know what he was talking about.

3 comments