cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Storing plain text password in 2019, really?

azhmur
Newbie
Posts: 2
Thanks: 2
Registered: ‎14-05-2019

Storing plain text password in 2019, really?

‎14-05-2019 7:26 AM

I have contacted support via chat and was asked for selected letters from my password as a prof of identity, unfortunately it proves passwords are stored plaintext not hashed with salt as recommended by modern security guidelines. This is kind of red flag for any person who have experience with web security.

While GDPR doesn't clearly states how passwords should be stored it requires them to handled secure way, and plaintext leaks are punished by fines.

https://www.theregister.co.uk/2018/11/23/knuddels_fined_for_plain_text_passwords/

 

Please consider moving from storing plaintext password to hashed with salt. 

Message 1 of 3
(1,017 Views)
2 REPLIES 2
dvorak
Moderator
Moderator
Posts: 29,499
Thanks: 6,627
Fixes: 1,483
Registered: ‎11-01-2008

Re: Storing plain text password in 2019, really?

‎14-05-2019 8:06 AM

There are many topics on the forum such as this one that discuss this e.g.

https://community.plus.net/t5/My-Account-Billing/Why-does-Plusnet-store-my-account-password-in-plain...
Customer / Moderator
If it helped click the thumb
If it fixed it click 'This fixed my problem'
Message 2 of 3
(997 Views)
0 Thanks
azhmur
Newbie
Posts: 2
Thanks: 2
Registered: ‎14-05-2019

Re: Storing plain text password in 2019, really?

‎14-05-2019 9:04 AM

It seems developers misunderstand basic notion of what hashing is.

https://community.plus.net/t5/My-Account-Billing/Plusnet-stores-my-account-password-in-the-clear/m-p...

 

Ok, i will follow up with ICO.

 

Message 3 of 3
(973 Views)