- Issue created by @prudloff
Thank you for reporting. Using an access code is inherently less secure than a username/password. It is a compromise in security in favor of convenience, and there is a warning about this on the module page.
I certainly agree that storing passwords in plain text is inappropriate. However, access codes are typically 4-6 digits. If they were hashed, they could be cracked in under a second, given someone has access to the database. Therefore, in relation to this module, I don't perceive hashing as a major security enhancement.