Words of Heart

Dating app matching with passwords - beware what you share

get it

Words of Heart is an app with a unique take on online dating -- create an account and you will be matched with other singles based on your password ❣️

Please note the password you use will be sent in plain text to the server -- it is not secure. Don't use a password you use on any other accounts.


  • Daniel LiFullstack JavaScript Developer

    None. The password is sent in plain-text to the server.


    The password is sent in plain-text to the server.

    It's not open-source, goodness knows what they're doing with your password.

    Insecure application. DO NOT USE. Terrible UX as well.

    Daniel Li has never used this product.


You need to become a Contributor to join the discussion - Find out how.
Chris Messina@chrismessina · Product designer & entrepreneur
They should have named this Plenty of Phish.
AbadesiHunter@abadesi · 👩🏽‍💻 Product Hunt | Hustle Crew | NTT
Lyondhur@lyondhur · T&R Project Manager at Weta Digital
@chrismessina This comment WINS all !!
Daniel Li@d4nyll · Fullstack JavaScript Developer
@paul__walsh It might take a bit of time. But if you can explain briefly _how_ this is insecure, it might make the post more understandable.
Andrew Urbański@jedrzejurbanski · Sheetsu
Wooaaaah! What about the security of my password? 🙀
Cam BurleyPro@codecamcode
😂😂Sometimes we need something on here to not take ourselves so seriously
Ben Flowers@benoj · Platform Engineer @ Wrisk
given most people use the same password for everything, seems like a bit of a risky proposition....
AbadesiHunter@abadesi · 👩🏽‍💻 Product Hunt | Hustle Crew | NTT
Hello @krzysztof_zajac I wanted to hunt this as soon as I found it, I really like the idea -- could you please tell us more about how you came up with it, how the matching works and the *biggest* question; anyone fallen in love yet?
Daniel Li@d4nyll · Fullstack JavaScript Developer
@krzysztof_zajac @abadesi This application sends passwords in plaintext to the server. Given many people use the same password for all the accounts, this is extremely insecure. You basically have to trust the developers to store it properly and not to harvest it. Furthermore, because someone from Product Hunt hunted it, it looks like an endorsement. This is extremely insecure and I'd would consider taking it down to prevent more users exposing their passwords.
AbadesiHunter@abadesi · 👩🏽‍💻 Product Hunt | Hustle Crew | NTT
Hey @d4nyll the whole point of this website is to find users a date with the password they create. It is completely transparent about the fact that the password will be seen and used for matching. @krzysztof_zajac is open about what he is trying to achieve. I hope anyone creating an account here will have read the purpose of the website and before signing up. I posted it because I think it's a fun approach to online dating.
Daniel Li@d4nyll · Fullstack JavaScript Developer
@krzysztof_zajac @abadesi I understand the premise of the site, and I am not doubting the intentions of @krzysztof_zajac. All I am saying is that the application is intrinsically insecure, whilst giving no warning that their passwords are sent in plain text. @abadesi Working in the tech industry, it might be completely obvious to you that "of course the users know their password will be seen", but this is certainly not true for everyone.
Krzysztof ZającMaker@krzysztof_zajac
@abadesi The matching is done by comparing hashes (we don't salt them to be able to speed up search via database indexes). I don't know if anyone has fallen in love yet, but I hope they will share that news :)
AbadesiHunter@abadesi · 👩🏽‍💻 Product Hunt | Hustle Crew | NTT
Sensible point @d4nyll - I have now updated the tag line and description so it's crystal clear to people to not use passwords used in other accounts. Thanks for flagging.