Major Web Sites Routinely Expose User Passwords by Using Plain Text
It’s something impossible to avoid in the online world: using passwords. But an investigation showed thousands of websites routinely expose these electronic safety measures to anyone.
Jeff Fox wrote in his State of the Net blog that companies routinely reveal passwords in plain text while emailing customers. This can happen when a user forgets a password and asks for it to be sent to him or her. Among those who Fox has caught doing this are AT&T, The New York Times, Macy’s and Princess Cruises.
Users often use the same password for more than one account, so exposure on an online shopping service could lead to a hacker accessing a bank account.
Rick Redman, a senior security consultant at KoreLogic Security, told Fox that sending passwords in plain-text invites a user’s account to be compromised”
“It also means that the company not only KNOWS your password, but stores it in a method that anyone can see…it is an insult to the customer. In my mind, it is the same as saying, ‘we do not care about your security,’” Redman said.
Fox recommends that users have a different password for each website, use a password manager and use two-factor authentication when it’s available. Examples of two-factor authentication are a bank card and a pin number; a password and a fingerprint, and a password and a security question.
To Learn More:
Passwordgate: Thousands of Websites Have Been Openly Exposing User Passwords (State of the Net.net)
Sony Emails Show a Studio Ripe for Hacking (by Ted Bridis, Associated Press)
- Top Stories
- Unusual News
- Where is the Money Going?
- U.S. and the World
- Appointments and Resignations
- Latest News
- Director of the Agency for Healthcare Research and Quality: Who Is Andrew Bindman?
- Director, Agency for Toxic Substances and Disease Registry: Who Is Ileana Arias?
- Secretary of Treasury: Who Is Steven Mnuchin?
- Secretary of Commerce: Who Is Wilbur Ross?
- Acting Administrator of the Administration for Community Living: Who Is Edwin Walker?