Thursday, August 5, 2010

Websites and Account Management: Threat to Privacy

It's astonishing how many websites are still using archaic methods in storing their users' personal information.

I did stumble across a few in the past but have no recollection of them now, pretty much because I never bothered using them ever again.

The latest encounter was a few minutes ago when I went  to ChangeThis.com to vote for a manifesto. It required registration and I did register, only to find an email from them containing my password in clear text!
I followed my suspicion and changed the password, then logged out, then clicked on "Forgot password" to have them email me the password, and there it was: They sent me the password in clear text rather than a randomly generated one!!!

Why is this an issue? Simply because should one day their website gets hijacked, all registered users' passwords are visible to the attackers and since it also holds their email addresses, the attackers can try each email & password to see if it logs in or not, then collect those that were successfully logged in and sell them to SPAM networks.

Another issue is having a rogue/snoopy employee at the website trying to login to emails using the clear password.

This method of storing password is absolutely unacceptable! Websites should store hashes of the passwords and not the passwords in clear text, and when the user requests a password reset, a randomly generated one should be created, saved & served to the user.

No comments: