Web-sites with insecure password policy

Here are some examples of web-sites which send your passwords on demand in clear text back to your inbox. This practice, AFAIK, is very insecure and proves your passwords are stored in clear text as well.

As of 150216-1736 MO:
https://reg.adecco.fi/AdaptWSC/login/login_view.jsp
* Should probably send the company a notice, because they collect loads of information about the user due to the nature of the site (it's an HR/recruitment company site, i.e. they intentionally build a big profile on each user).

Clear text password sent back in email

Adecco sends passwords back in plaintext

A short final notice:
Hackers have broken into the security systems of Sony Corporation several times, they hack into multinational banking systems (and seem to do it regularly), and there have been some system administrators who just might leak confidential information from their systems.

After these (and many other!) great security fiascos you might have reasonable doubts about the security of the web-sites you use AND the loyalty of the personnel who have access to all of the users' information (especially since another person, using your stored plaintext password, can impersonate you when handling your information).

It would just be much better to have at least one more layer of security:
a good password which is not stored as cleartext, but is hashed.
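
An added example (not part of the original post) of that extra layer: the server keeps only a salted PBKDF2 hash, so a "forgot password" request has nothing to mail back and issues a one-time reset token instead. The function names, the in-memory `USERS` table, the 600,000-iteration count and the 15-minute token lifetime are assumptions of this example.

```python
import hashlib, hmac, secrets, time

USERS = {}            # constructed in-memory user table (hypothetical)
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor chosen for this example

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def register(email, password):
    """Store a per-user random salt and the derived hash, never the password."""
    salt = secrets.token_bytes(16)
    USERS[email] = {"salt": salt, "hash": _kdf(password, salt), "reset": None}

def verify(email, password):
    """Re-derive the hash from the candidate and compare in constant time."""
    user = USERS.get(email)
    if user is None:
        return False
    return hmac.compare_digest(_kdf(password, user["salt"]), user["hash"])

def request_reset(email, ttl=900):
    """Issue a random token for the reset e-mail; only its digest is stored."""
    user = USERS.get(email)
    if user is None:
        return None
    token = secrets.token_urlsafe(32)
    user["reset"] = (hashlib.sha256(token.encode()).digest(), time.time() + ttl)
    return token  # this value, not the password, goes into the e-mail

def complete_reset(email, token, new_password):
    """Accept a valid, unexpired token once, then replace salt and hash."""
    user = USERS.get(email)
    if user is None or user["reset"] is None:
        return False
    digest, expires = user["reset"]
    if time.time() > expires:
        user["reset"] = None
        return False
    if not hmac.compare_digest(digest, hashlib.sha256(token.encode()).digest()):
        return False
    register(email, new_password)  # new record also clears the used token
    return True

if __name__ == "__main__":
    register("user@example.test", "correct horse")   # constructed sample data
    print(verify("user@example.test", "correct horse"))
    print(USERS["user@example.test"])  # salt and hash only, no password
```

A database leak or a curious administrator then sees only salts and hashes, and the reset e-mail carries a short-lived token rather than a reusable secret.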
