Account Passwords....

crewedave
Newbie
Posts: 2
Registered: 28-06-2014

Account Passwords....

Yesterday I forgot my password and requested a reminder....
I received an email, with my password, in clear text.
Basically as I understand it this should not be possible.  It means Plusnet are storing passwords in clear text, not hashed and salted as they should be, and if their database is compromised the hackers get the lot.  If you're sharing passwords between accounts they have a good head start to hacking those as well.
This is first principles stuff and to be honest I'm shocked - it's all very well offering us security software downloads, but it seems to me the biggest hole is the Plusnet backend systems.
Could someone from Plusnet comment please?
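
An added example, not part of the original post and not Plusnet's code: a minimal Python sketch of the "hashed and salted" storage the post refers to, paired with a single-use reset token in place of a password reminder email. The in-memory tables, function names and PBKDF2 iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed in-memory stand-ins for an account table and a reset-token table.
USERS = {}          # user -> (salt, derived_key)
RESET_TOKENS = {}   # sha256(token) -> (user, expiry_timestamp)
ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor

def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def set_password(user, password):
    # A fresh random salt per account: equal passwords give different records.
    salt = secrets.token_bytes(16)
    USERS[user] = (salt, _derive(password, salt))

def verify_password(user, password):
    if user not in USERS:
        return False
    salt, stored = USERS[user]
    # Recompute and compare in constant time; nothing is ever decrypted.
    return hmac.compare_digest(_derive(password, salt), stored)

def start_reset(user, ttl=900, now=None):
    """Return a token to email to the user; only its hash is kept."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    key = hashlib.sha256(token.encode()).hexdigest()
    RESET_TOKENS[key] = (user, now + ttl)
    return token

def finish_reset(token, new_password, now=None):
    now = time.time() if now is None else now
    key = hashlib.sha256(token.encode()).hexdigest()
    entry = RESET_TOKENS.pop(key, None)   # pop makes the token single-use
    if entry is None or now > entry[1]:
        return False
    set_password(entry[0], new_password)
    return True
```

With this layout there is no stored value from which a reminder email could be produced, so a forgotten password can only be replaced, not recovered.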
2 REPLIES 2
avatastic
Grafter
Posts: 1,136
Thanks: 2
Registered: 30-07-2007

Re: Account Passwords....

This comes up from time to time.
Passwords are stored on a secured (only accessible from an internal to Plusnet connection, probably secured over a VPN too ... In other words, not accessible from the internet) system, and they are encrypted.
All accesses to the passwords are recorded and logged when a member of support accesses them.
The passwords need to be stored in an unencryptable form, so that support can check various aspects of your account when you have queries (e.g. mailbox problems), again when the passwords are retrieved for this purpose the retrieval is logged.
For 'hackers' to gain access to the database, they'd have to physically be on Plusnet premises.
P.S. Welcome to the forums.
F9 member since 4 Sep 1999
F9 ADSL customer since 27 Aug 2004
DLM manages your line the same way DRM manages your rights.
Look at all the pretty graphs! (now with uptime logging!)
dragon2611
Grafter
Posts: 283
Registered: 20-10-2013

Re: Account Passwords....

The Member centre password is unfortunately also the password your router uses to connect.
So it's stored insecurely there as well, and given the security on a lot of SOHO routers it wouldn't surprise me if it's possible to get some of them to disclose it as well.
Probably a good idea to use a different password for Plusnet than you do for anywhere else (Actually you should be doing that for every site, but let's be honest, people can only remember so many passwords).