Major Web Sites Routinely Expose User Passwords by Using Plain Text

Saturday, December 27, 2014

Using passwords is impossible to avoid in the online world. But an investigation showed that thousands of websites routinely expose these electronic safety measures to anyone.


Jeff Fox wrote in his State of the Net blog that companies routinely reveal passwords in plain text when emailing customers. This can happen when a user forgets a password and asks for it to be sent to him or her. Among the companies Fox has caught doing this are AT&T, The New York Times, Macy’s and Princess Cruises.


Users often use the same password for more than one account, so exposure on an online shopping service could lead to a hacker accessing a bank account.


Rick Redman, a senior security consultant at KoreLogic Security, told Fox that sending passwords in plain text invites a user’s account to be compromised.


“It also means that the company not only KNOWS your password, but stores it in a method that anyone can see…it is an insult to the customer. In my mind, it is the same as saying, ‘we do not care about your security,’” Redman said.


Fox recommends that users have a different password for each website, use a password manager and use two-factor authentication when it’s available. Examples of two-factor authentication are a bank card and a PIN; a password and a fingerprint; and a password and a security question.

-Noel Brinkerhoff


To Learn More:

Passwordgate: Thousands of Websites Have Been Openly Exposing User Passwords (State of the

Sony Emails Show a Studio Ripe for Hacking (by Ted Bridis, Associated Press)

