The third largest breach ever just happened in Finland. Passwords were stored in plaintext. At T-Mobile Austria, they explain that of course they store the password in plaintext, but they have such good security that it's nothing to worry about. At what point does this become criminally negligent?
(Score: 2) by choose another one on Sunday April 08 2018, @04:19PM
> A historian would be able to better answer the question of how many decades it has been established as best practice to use a salted hash for passwords.
And how do partial password implementations (which is, I think, standard in some form on all of the banking sites I use) work with your "best practice"?
It all depends on where you think the weakest point in the security actually is. Sometimes the weakest link is the client or the customer: client-side malware, phishing or plain old shoulder surfing may be a much larger risk (and far more difficult for a bank, say, to control and secure) than server-side password storage. Partial password implementations reduce client-side risks. Incompetence?