The third largest breach ever just happened in Finland. Passwords were stored in plaintext. At T-Mobile Austria, they explain that of course they store the password in plaintext, but they have such good security that it's nothing to worry about. At what point does this become criminally negligent?
(Score: 3, Informative) by darkfeline on Sunday April 08 2018, @10:32PM (1 child)
The thing is, hashing passwords is so easy and is such a basic security practice that not doing so is a clear failure to take "reasonable precautions".
Also, breaches happen so often (literally every other day) that of course it is a "foreseeable" event. It happens much more often than, say, people getting killed by unprotected high voltage wires, it's much easier to protect against via hashing/salting, it affects millions/billions times as many people when it happens, and somehow failure to take reasonable security precautions is not gross negligence?
I'm not saying that this is how the law will be interpreted "de facto", but rather how the law should be interpreted "de jure" in the spirit of the law by anyone with (not so) common sense.
Join the SDF Public Access UNIX System today!
(Score: 0) by Anonymous Coward on Monday April 09 2018, @10:45AM
But how else would you have "clever" security systems, like tell you that you have used part of the password before, going months? And then tell you to update your password every 3 months?
Yes, the world is retarded.
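For reference on the two points raised in this thread, here is an added example (not code from any poster or from the companies mentioned) of salted password hashing with a reuse check that works on stored hashes alone. The `Account` class, the history size and the iteration count are assumptions made for illustration; note that only exact reuse can be detected this way, since a "part of the password" comparison against old passwords is not possible from salted hashes.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor; tune for your hardware


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, derived_key); these are the only values that get stored."""
    if salt is None:
        salt = secrets.token_bytes(16)  # fresh random salt for every stored password
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, key


def verify_password(password: str, salt: bytes, key: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, key)


class Account:
    """Hypothetical account record: current hash plus a short history of old ones."""

    def __init__(self, password: str, history_size: int = 3):
        self.history_size = history_size
        self.history = [hash_password(password)]  # newest entry first

    def login(self, password: str) -> bool:
        salt, key = self.history[0]
        return verify_password(password, salt, key)

    def change_password(self, new_password: str) -> bool:
        """Reject exact reuse of any remembered password, then rotate the history."""
        if any(verify_password(new_password, s, k) for s, k in self.history):
            return False
        self.history.insert(0, hash_password(new_password))
        del self.history[self.history_size:]  # forget entries beyond the window
        return True
```

A database dump of such records yields salts and derived keys, so an attacker has to run the slow derivation for every guess against every account separately.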