SoylentNews is people
SoylentNews is powered by your submissions, so send in your scoop. Only 12 submissions in the queue.
SoylentNews
The third largest breach ever just happened in Finland. Passwords were stored in plaintext. At T-Mobile Austria, they explain that of course they store the password in plaintext, but they have so good security so it's nothing to worry about. At what point does this become criminally negligent?
This discussion has been archived.
No new comments can be posted.
At What Point Does Storing Passwords in Plaintext Become Criminally Negligent
|
Log In/Create an Account
| Top
| 138 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Beware of a dark-haired man with a loud tie.
(Score: 0) by Anonymous Coward on Sunday April 08 2018, @04:47PM (1 child)
What Kashmir did was a crime, even though the security of the MICR line is nil. That could get her deported.
(Score: 0) by Anonymous Coward on Monday April 09 2018, @05:56AM
And so? Same for illegal abuse of passwords/accounts.
The issue is the US banks are/were using ZERO FACTOR authentication/authorization that's exposed to the public on a regular basis and even that's not considered criminally negligent but standard practice. Whereas at least in this Finland case, passwords are used (1-Factor) and though it's plaintext it's not regularly exposed to the public.
So if the US banks aren't going down for criminal negligence for being so insecure and sloppy for such important stuff why should storing passwords in plaintext but not in public for not as important stuff be considered criminally negligent?