murratoreQ: Security
I signed up for Syllabbles to do a short evaluation. Now one day later I receive an email from Syllables for thanking me signing up and in the same email is my username and password in cleartext. I repeat cleartext.
Where in the world is this good security practice that you save my password in cleartext in your backend. If probably this foundational thing is solved in a more than questionable manner, I don't wanna know what other things done....
That's not serious and I recommend that you hire/consult a good cybersecurity expert.
Magnus_Syllabbles
Apr 12, 2026A: Thank you for raising this.
To clarify, passwords are not stored in cleartext in our backend. If account access details were shown in that onboarding flow, it was intended to help a new user quickly access the account they had just created using the same email address they signed up with. Users can also change or reset their password at any time.
We also understand your concern about the timing, and we are looking into why that onboarding email appears to have arrived a day later than expected for you.
That said, we are reviewing the onboarding experience as a whole to make sure it reflects the standard we want for user trust and security. And it will be updated. Thank you!
Sorry, but this answer is too simple. Normally not a password is saved, but a hash of it. So no attacker could even reproduce it. If you as Provider of a Software solution can reconstruct my password, something is completely wrong.
Thank you for the follow-up. You are right to make that distinction.
To clarify, we do not reconstruct passwords from storage, and passwords are not stored in cleartext in our backend. The concern here relates to what may have been included in the onboarding flow at the point of account creation, not to us retrieving a password later from stored records.
We take security and user trust seriously