Storing plain text password in 2019, really?

azhmur
Newbie
Posts: 2
Thanks: 1
Registered: ‎14-05-2019

Storing plain text password in 2019, really?

I have contacted support via chat and was asked for selected letters from my password as a proof of identity. Unfortunately, it proves passwords are stored in plaintext, not hashed with salt as recommended by modern security guidelines. This is kind of a red flag for any person who has experience with web security.

While GDPR doesn't clearly state how passwords should be stored, it requires them to be handled in a secure way, and plaintext leaks are punished by fines.

https://www.theregister.co.uk/2018/11/23/knuddels_fined_for_plain_text_passwords/

Please consider moving from storing plaintext passwords to hashed with salt.

Moderator
Moderator
Posts: 20,714
Thanks: 2,803
Fixes: 558
Registered: ‎11-01-2008

Re: Storing plain text password in 2019, really?

There are many topics on the forum such as this one that discuss this e.g.

https://community.plus.net/t5/My-Account-Billing/Why-does-Plusnet-store-my-account-password-in-plain...
Customer / Moderator
If it helped click the thumb
If it fixed it click 'This fixed my problem'
azhmur
Newbie
Posts: 2
Thanks: 1
Registered: ‎14-05-2019

Re: Storing plain text password in 2019, really?

It seems developers misunderstand the basic notion of what hashing is.

https://community.plus.net/t5/My-Account-Billing/Plusnet-stores-my-account-password-in-the-clear/m-p...

OK, I will follow up with the ICO.
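
The storage point raised in the first post and the last reply, as an added example that is not part of the thread and not Plusnet's code: a salted hash of the whole password can confirm a complete candidate but cannot answer a "selected letters" challenge, which needs the password in a recoverable form. The function names, the PBKDF2 iteration count and the sample password are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (value assumed for this example)


def _kdf(secret: str, salt: bytes) -> bytes:
    # Slow, salted derivation; the output cannot be reversed to the input.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)


def enroll(password: str) -> dict:
    """Record stored when hashing with salt: the password itself is not kept."""
    salt = os.urandom(16)
    return {"salt": salt, "digest": _kdf(password, salt)}


def verify_full(record: dict, candidate: str) -> bool:
    """Re-derive from the complete candidate and compare in constant time."""
    return hmac.compare_digest(_kdf(candidate, record["salt"]), record["digest"])


def verify_letters_from_hash(record: dict, letters: str) -> bool:
    """Attempt the letters check with only the salted hash.

    The digest covers the whole password, so hashing a subset of its
    characters yields an unrelated value and this never matches.
    """
    return hmac.compare_digest(_kdf(letters, record["salt"]), record["digest"])


def verify_letters_from_plaintext(stored: str, positions: list[int], letters: str) -> bool:
    """What the letters check needs: the stored password (1-based positions)."""
    if len(positions) != len(letters) or any(not 1 <= p <= len(stored) for p in positions):
        return False
    expected = "".join(stored[p - 1] for p in positions)
    return hmac.compare_digest(expected.encode(), letters.encode())


if __name__ == "__main__":
    password = "correct horse"  # constructed sample value
    record = enroll(password)
    print("full password vs hash:    ", verify_full(record, password))
    print("letters 2,5,7 vs hash:    ", verify_letters_from_hash(record, "oet"))
    print("letters 2,5,7 vs plaintext:", verify_letters_from_plaintext(password, [2, 5, 7], "oet"))
```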