SoylentNews

At What Point Does Storing Passwords in Plaintext Become Criminally Negligent

posted by Fnord666 on Sunday April 08 2018, @02:07PM   
from the easier-to-check-that-way dept.

An Anonymous Coward writes:

https://www.privateinternetaccess.com/blog/2018/04/another-day-another-breach-at-what-point-does-storing-passwords-in-plaintext-become-criminally-negligent/

The third largest breach ever just happened in Finland. Passwords were stored in plaintext. At T-Mobile Austria, they explain that of course they store the password in plaintext, but they have so good security so it's nothing to worry about. At what point does this become criminally negligent?

---

Original Submission

• Re:Intervening cause (Score: 3, Insightful) by requerdanos on Sunday April 08 2018, @04:19PM

  by requerdanos (5997) on Sunday April 08 2018, @04:19PM (#663978) Journal

  The key determining factor is whether the eventual injury is "forseeable" - whether the original person could have reasonably forseen the action that actually caused the injury.

  In the case of either...

  • a valet parking service that leaves the keys in all the cars in a poorly guarded lot that they call "The Most Secure Lot Protecting Your Car In The Known Freaking Universe", or
  • a data service that stores your passwords in plaintext in a poorly guarded database they call "The Most Secure Database Protecting Your Data In The Known Freaking Universe",

  not only could the original person have forseen the action, but so could have a blind, syphilitic monkey [bmj.com].

  Parent

  Starting Score:	1		point
  Moderation		+1
  Insightful=1, Total=1
  Extra 'Insightful' Modifier		0
  Karma-Bonus Modifier		+1
  Total Score:		3