cancel
Showing results for 
Search instead for 
Did you mean: 

Unencrypted account passwords??? really?

KitFox
Grafter
Posts: 75
Registered: ‎23-12-2009

Unencrypted account passwords??? really?

http://www.theregister.co.uk/2015/11/25/plusnet_still_delivering_passwords_plaintext/
Please tell me this is not true plusnet & you are not storing passwords in plaintext format & arent using unhashed & unsalted strings as verification ?Huh
Not only that I also hope that the following isnt true, please tell me you arent ignoring the advice of the CESG & other security professionaqls & insisting that 'your way is the best way, because thats how you do it'  ?Huh
This is exactly how security breaches happen, in much the same way that your email servers dont use any security either.  Are we really supposed to just accept this?
Given how lapse the security is & the now advertised risk you are presenting to your users, you seem to be painting an awfully big liability target on your back should anyone lose out if your databases of passwords or other information is ever compromised
1 REPLY
Moderator
Moderator
Posts: 27,341
Thanks: 1,893
Fixes: 174
Registered: ‎14-04-2007

Re: Unencrypted account passwords??? really?

Moderator Note
Locked in favour of http://community.plus.net/forum/index.php/topic,146131.0.html on the same subject.

Customer and Forum Moderator. Windows 10 Firefox 64.0 (64-bit)