https://community.plus.net/t5/Plusnet-Feedback/Unencrypted-account-passwords-really/m-p/1281812#M66852 <A href="http://www.theregister.co.uk/2015/11/25/plusnet_still_delivering_passwords_plaintext/" target="_blank">http://www.theregister.co.uk/2015/11/25/plusnet_still_delivering_passwords_plaintext/</A><BR />Please tell me this is not true plusnet &amp; you are not storing passwords in plaintext format &amp; arent using unhashed &amp; unsalted strings as verification ?<img class="lia-deferred-image lia-image-emoji" src="https://community.plus.net/html/@3681646702FDFD32BCA97E2E5F1BDDD5/images/emoticons/huh.gif" alt="Huh" title="Huh" /><BR />Not only that I also hope that the following isnt true, please tell me you arent ignoring the advice of the CESG &amp; other security professionaqls &amp; insisting that 'your way is the best way, because thats how you do it'&nbsp; ?<img class="lia-deferred-image lia-image-emoji" src="https://community.plus.net/html/@3681646702FDFD32BCA97E2E5F1BDDD5/images/emoticons/huh.gif" alt="Huh" title="Huh" /><BR />This is exactly how security breaches happen, in much the same way that your email servers dont use any security either.&nbsp; Are we really supposed to just accept this?<BR />Given how lapse the security is &amp; the now advertised risk you are presenting to your users, you seem to be painting an awfully big liability target on your back should anyone lose out if your databases of passwords or other information is ever compromised Wed, 25 Nov 2015 22:43:39 GMT KitFox 2015-11-25T22:43:39Z https://community.plus.net/t5/Plusnet-Feedback/Unencrypted-account-passwords-really/m-p/1281812#M66852 <A href="http://www.theregister.co.uk/2015/11/25/plusnet_still_delivering_passwords_plaintext/" target="_blank">http://www.theregister.co.uk/2015/11/25/plusnet_still_delivering_passwords_plaintext/</A><BR />Please tell me this is not true plusnet &amp; you are not storing passwords in plaintext format &amp; arent using unhashed &amp; unsalted strings as verification ?<img class="lia-deferred-image lia-image-emoji" src="https://community.plus.net/html/@3681646702FDFD32BCA97E2E5F1BDDD5/images/emoticons/huh.gif" alt="Huh" title="Huh" /><BR />Not only that I also hope that the following isnt true, please tell me you arent ignoring the advice of the CESG &amp; other security professionaqls &amp; insisting that 'your way is the best way, because thats how you do it'&nbsp; ?<img class="lia-deferred-image lia-image-emoji" src="https://community.plus.net/html/@3681646702FDFD32BCA97E2E5F1BDDD5/images/emoticons/huh.gif" alt="Huh" title="Huh" /><BR />This is exactly how security breaches happen, in much the same way that your email servers dont use any security either.&nbsp; Are we really supposed to just accept this?<BR />Given how lapse the security is &amp; the now advertised risk you are presenting to your users, you seem to be painting an awfully big liability target on your back should anyone lose out if your databases of passwords or other information is ever compromised Wed, 25 Nov 2015 22:43:39 GMT https://community.plus.net/t5/Plusnet-Feedback/Unencrypted-account-passwords-really/m-p/1281812#M66852 KitFox 2015-11-25T22:43:39Z https://community.plus.net/t5/Plusnet-Feedback/Unencrypted-account-passwords-really/m-p/1281813#M66853 <B>Moderator Note</B><BR />Locked in favour of <A href="http://community.plus.net/forum/index.php/topic,146131.0.html" target="_blank">http://community.plus.net/forum/index.php/topic,146131.0.html</A> on the same subject. Wed, 25 Nov 2015 22:46:22 GMT https://community.plus.net/t5/Plusnet-Feedback/Unencrypted-account-passwords-really/m-p/1281813#M66853 Strat 2015-11-25T22:46:22Z