As far as I know, they ALL stored the password as plaintext. I ran VBBS and then Iniquity, and those stored the password as plaintext and visible to the sysop.
I also suspect WIIV and Tele(can't remember the last part of the name) stored them as plaintext, but I didn't evaluate those as closely.
I once caught someone calling into my BBS as another user, so I implemented a pseudo 2-factor authentication system that asked for some other details from the profile. I also added a script that made my co-sysops enter a whacky 2nd password in case someone used a vulnerability to download other users' passwords.
I also suspect WIIV and Tele(can't remember the last part of the name) stored them as plaintext, but I didn't evaluate those as closely.
I once caught someone calling into my BBS as another user, so I implemented a pseudo 2-factor authentication system that asked for some other details from the profile. I also added a script that made my co-sysops enter a whacky 2nd password in case someone used a vulnerability to download other users' passwords.