Storing plain text password in 2019, really?
14-05-2019 7:26 AM
I have contacted support via chat and was asked for selected letters from my password as proof of identity. Unfortunately, it proves passwords are stored in plaintext, not hashed with salt as recommended by modern security guidelines. This is kind of a red flag for any person who has experience with web security.
While GDPR doesn't clearly state how passwords should be stored, it requires them to be handled in a secure way, and plaintext leaks are punished by fines.
https://www.theregister.co.uk/2018/11/23/knuddels_fined_for_plain_text_passwords/
Please consider moving from storing plaintext passwords to hashed with salt.
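An added example, not part of the thread and not Plusnet's code, for the "hashed with salt" versus selected-letters point raised in the post above: a salted-hash record supports only whole-password verification, while a selected-letters check needs the characters in readable form. The function names, the record layout and the PBKDF2 iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor


def make_record(password, salt=None):
    """What the server keeps under 'hashed with salt': salt + digest, no password."""
    salt = salt if salt is not None else os.urandom(16)  # unique per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "digest": digest}


def verify_full(record, candidate):
    """Login check: recompute over the WHOLE candidate, compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(digest, record["digest"])


def check_letters_readable(stored_password, challenge):
    """Selected-letters check. `challenge` maps 1-based position -> letter.
    It indexes into the password, so the password must be stored readably."""
    return all(
        0 < pos <= len(stored_password) and stored_password[pos - 1] == letter
        for pos, letter in challenge.items()
    )


if __name__ == "__main__":
    password = "correct horse"            # constructed sample value
    challenge = {2: "o", 5: "e", 7: "t"}  # "letters 2, 5 and 7", constructed

    record = make_record(password)
    print("full password verifies:", verify_full(record, password))
    # The three letters alone are not a valid input to the digest comparison.
    print("letters alone verify  :", verify_full(record, "oet"))
    # The same challenge is trivially answerable once the password is readable.
    print("readable store answers:", check_letters_readable(password, challenge))
    # Same password, fresh salt: a different digest, so equal passwords
    # on two accounts do not produce equal records.
    print("digests differ by salt:", make_record(password)["digest"] != record["digest"])
```
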
Re: Storing plain text password in 2019, really?
14-05-2019 8:06 AM
https://community.plus.net/t5/My-Account-Billing/Why-does-Plusnet-store-my-account-password-in-plain...
If it helped click the thumb
If it fixed it click 'This fixed my problem'
Re: Storing plain text password in 2019, really?
14-05-2019 9:04 AM
It seems developers misunderstand the basic notion of what hashing is.
OK, I will follow up with the ICO.