I have had my ipad for a week now and I like it a lot but that is not what this post is about. This post is about an app I downloaded and how that app saves my password in plain text. How do I know they do this? Because if I request them to send me my password they actually are able to do it. Here is the proof. More or less.
Saving someones password is just plain wrong. It’s basic security 101. If you still do this than you are not worth the money they pay you.
A website storing a password in plain text means that your password is there, waiting for someone to come and take it. It doesn’t even matter if you’ve created the strongest possible password. It’s just there.
Whether it’s someone hacking into their servers, using a simple flaw in their site or even stealing their backups, over 30% of sites store plain text passwords.
We’re tired of websites abusing our trust and storing our passwords in plain text, exposing us to danger. Here we put websites we believe to be practicing this to shame.
Found a text offender? Anonymously submit it to us and put it to shame!
Are you a developer? Read about what you can do to solve it on your website.
More reading on why even just sending the password via email without storing it in plain text is bad.
Created by @hmemcpy and @omervk.
Photo by Michael Reidel cc-by
I also sent a mail to Marvel.com about this with a link to the site. I so hope they change this. It is very easy to change and there are plenty of copy paste solutions out there.
Proof that you care about security and get the basics right. This is also the reason why you need a different password for all accounts you have. Let’s not forget what happened to Sony.