
SoylentNews is people

posted by Fnord666 on Sunday April 08 2018, @02:07PM
from the easier-to-check-that-way dept.

https://www.privateinternetaccess.com/blog/2018/04/another-day-another-breach-at-what-point-does-storing-passwords-in-plaintext-become-criminally-negligent/

The third largest breach ever just happened in Finland. Passwords were stored in plaintext. At T-Mobile Austria, they explain that of course they store the password in plaintext, but they have such good security that it's nothing to worry about. At what point does this become criminally negligent?



  • (Score: 2) by choose another one (515) on Sunday April 08 2018, @04:19PM (#663977)

    > A historian would be able to better answer the question of how many decades it has been established as best practice to use a salted hash for passwords.

    And how do partial password implementations (which are, I think, standard in some form on all of the banking sites I use) work with your "best practice"?

    It all depends where you think the weakest point in the security actually is. Sometimes the weakest link is the client or the customer: client-side malware, phishing or plain old shoulder surfing may be a much larger risk (and far more difficult for a bank, say, to control and secure) than server-side password storage. Partial password implementations reduce client-side risks. Incompetence?

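To make the question in the comment above concrete, here is an added example (not code from the linked article, the commenter, or any bank). It contrasts the standard approach, a salted slow hash that can only verify the whole password, with one way of answering a "give me characters 2, 5 and 8" challenge without keeping the password in plaintext: at enrolment, derive a separate salted hash for every k-subset of positions. The function names, the PBKDF2 iteration count, and the sample passwords are assumptions made for this illustration; the iteration count is deliberately low so the demo runs quickly offline.

```python
import hashlib
import hmac
import os
import random
from itertools import combinations
from math import comb

# Assumed demo parameter: far too low for production, kept small so that
# enrolling C(n, k) partial hashes finishes in well under a second.
PBKDF2_ITERATIONS = 20_000


def kdf(secret: str, salt: bytes) -> bytes:
    """Salted slow hash (PBKDF2-HMAC-SHA256) over the supplied secret."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ITERATIONS)


# --- 1. The "best practice" the commenter is asking about ----------------

def store_full(password: str) -> dict:
    """Enrol a password as (salt, hash). The password itself is not kept."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": kdf(password, salt)}


def verify_full(record: dict, candidate: str) -> bool:
    """Verification needs the whole password: a subset of characters
    cannot be checked against this record, which is the commenter's point."""
    return hmac.compare_digest(kdf(candidate, record["salt"]), record["hash"])


# --- 2. A partial-password scheme that still avoids plaintext -----------
#
# The server asks for k of the n characters. Keeping the password
# recoverable (plaintext or reversible encryption) makes that trivial to
# answer; the alternative below precomputes a salted hash for every
# k-subset of positions, so only derived hashes are stored. The cost is
# C(n, k) KDF runs at enrolment and C(n, k) stored hashes.

def store_partial(password: str, k: int) -> dict:
    n = len(password)
    if not 0 < k <= n:
        raise ValueError("k must be between 1 and the password length")
    salt = os.urandom(16)
    table = {}
    for positions in combinations(range(n), k):
        # Bind each character to its position so that the same letters at
        # different positions hash differently.
        material = ",".join(f"{i}:{password[i]}" for i in positions)
        table[positions] = kdf(material, salt)
    return {"salt": salt, "k": k, "n": n, "table": table}


def challenge(record: dict) -> tuple:
    """Pick k distinct positions (sorted so they match the table keys)."""
    rng = random.SystemRandom()
    return tuple(sorted(rng.sample(range(record["n"]), record["k"])))


def verify_partial(record: dict, positions: tuple, answer) -> bool:
    """Check the k supplied characters against the stored hash for those
    positions. Unknown position sets or wrong-length answers fail closed."""
    if len(answer) != record["k"] or positions not in record["table"]:
        return False
    material = ",".join(f"{i}:{c}" for i, c in zip(positions, answer))
    return hmac.compare_digest(kdf(material, record["salt"]), record["table"][positions])


def offline_guess_space(alphabet_size: int, chars: int) -> int:
    """Guesses an attacker with the database needs to exhaust one hash."""
    return alphabet_size ** chars


def stored_hashes(n: int, k: int) -> int:
    """How many hashes the partial scheme stores for an n-char password."""
    return comb(n, k)


if __name__ == "__main__":
    full = store_full("correct horse battery staple")
    print("full password verifies:", verify_full(full, "correct horse battery staple"))

    partial = store_partial("s3cretPw", 3)  # constructed sample password
    asked = challenge(partial)
    reply = tuple("s3cretPw"[i] for i in asked)
    print("challenge", asked, "verifies:", verify_partial(partial, asked, reply))
    print("hashes stored:", stored_hashes(8, 3))
    print("guesses per partial entry (62-char alphabet):", offline_guess_space(62, 3))
    print("guesses for the full 8-char hash:", offline_guess_space(62, 8))
```

Two things the numbers show. Storage grows as C(n, k), which is why this only works for short, fixed-length secrets such as a memorable word or PIN rather than long passphrases. More importantly, each stored entry is a slow hash over only k characters, so an attacker holding the database needs at most alphabet^k guesses per entry instead of alphabet^n for a full-password hash; the partial scheme buys protection against a keylogger or shoulder surfer on the client at the price of weaker server-side storage, which is exactly the trade-off the commenter describes.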