wrong, most can only see the hash. they would have to decrypt it to see the password
i use the exchange before but even i can tell you no matter how well it works the non hashing is the single flaw in there
Are you joking?? Of course they can see the password, it's the admin (or their software) that does the hashing in the first place.
Admin wanting to have passwords 101.1) User enters passwords
2) Code on site logs cleartext password to a logfile, then hashes password into the database.
Non hashed passwords in the database only make the database more vulnerable should it be stolen. That's it. It doesn't make RS untrustworthy. Let's just hope his db is unstealable.
All my sites use JS client side to hash the password and send that over. That hash is then salted server side and rehashed to check against the db. No plain text password ever leaves client machine.