Account Passwords....
28-06-2014 9:11 AM
Yesterday I forgot my password and requested a reminder....
I received an email, with my password, in clear text.
Basically as I understand it this should not be possible. It means Plusnet are storing passwords in clear text, not hashed and salted as they should be, and if their database is compromised the hackers get the lot. If you're sharing passwords between accounts they have a good head start to hacking those as well.
This is first principles stuff and to be honest I'm shocked - it's all very well offering us security software downloads, but it seems to me the biggest hole is the Plusnet backend systems.
Could someone from Plusnet comment please?
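The "hashed and salted" storage the post above refers to, as an added example that is not part of the thread and not Plusnet's code: the stored record lets a login be checked but cannot be turned back into the password, so a forgotten password is handled with a one-time reset token rather than a reminder email. `AccountStore`, the record layout and the iteration count are assumptions made for this sketch.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # PBKDF2 work factor; an assumed setting for this example

def hash_password(password: str) -> str:
    """Build the record to store: algorithm$iterations$salt$hash (hex)."""
    salt = secrets.token_bytes(16)  # fresh random salt for every account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt; compare in constant time."""
    _, iterations, salt_hex, hash_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))

class AccountStore:
    """Hypothetical in-memory account table holding only salted hashes."""

    def __init__(self):
        self.records = {}       # username -> password record
        self.reset_tokens = {}  # username -> SHA-256 of a pending reset token

    def register(self, user: str, password: str) -> None:
        self.records[user] = hash_password(password)

    def login(self, user: str, password: str) -> bool:
        record = self.records.get(user)
        return record is not None and verify_password(password, record)

    def start_reset(self, user: str) -> str:
        """No password exists to email back, so issue a one-time token instead."""
        if user not in self.records:
            raise KeyError(user)
        token = secrets.token_urlsafe(32)
        self.reset_tokens[user] = hashlib.sha256(token.encode()).hexdigest()
        return token  # this, not the password, goes to the registered address

    def complete_reset(self, user: str, token: str, new_password: str) -> bool:
        expected = self.reset_tokens.pop(user, None)  # single use
        supplied = hashlib.sha256(token.encode()).hexdigest()
        if expected is None or not hmac.compare_digest(expected, supplied):
            return False
        self.register(user, new_password)
        return True
```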
2 REPLIES 2
Re: Account Passwords....
28-06-2014 12:48 PM
This comes up from time to time.
Passwords are stored on a secured (only accessible from an internal to Plusnet connection, probably secured over a VPN too ... In other words, not accessible from the internet) system, and they are encrypted.
All accesses to the passwords are recorded and logged when a member of support accesses them.
The passwords need to be stored in an unencryptable form, so that support can check various aspects of your account when you have queries (e.g. mailbox problems), again when the passwords are retrieved for this purpose the retrieval is logged.
For 'hackers' to gain access to the database, they'd have to physically be on Plusnet premises.
P.S. Welcome to the forums.
Re: Account Passwords....
06-07-2014 8:12 PM
The Member centre password is unfortunately also the password your router uses to connect.
So it's stored insecurely there as well, and given the security on a lot of SOHO routers it wouldn't surprise me if it's possible to get some of them to disclose it as well.
Probably a good idea to use a different password for Plusnet than you do for anywhere else (actually you should be doing that for every site, but let's be honest, people can only remember so many passwords).