Unencrypted account passwords??? really?
http://www.theregister.co.uk/2015/11/25/plusnet_still_delivering_passwords_plaintext/
Please tell me this is not true plusnet & you are not storing passwords in plaintext format & arent using unhashed & unsalted strings as verification ?
Not only that I also hope that the following isnt true, please tell me you arent ignoring the advice of the CESG & other security professionaqls & insisting that 'your way is the best way, because thats how you do it' ?
This is exactly how security breaches happen, in much the same way that your email servers dont use any security either. Are we really supposed to just accept this?
Given how lapse the security is & the now advertised risk you are presenting to your users, you seem to be painting an awfully big liability target on your back should anyone lose out if your databases of passwords or other information is ever compromised
Please tell me this is not true plusnet & you are not storing passwords in plaintext format & arent using unhashed & unsalted strings as verification ?
Not only that I also hope that the following isnt true, please tell me you arent ignoring the advice of the CESG & other security professionaqls & insisting that 'your way is the best way, because thats how you do it' ?
This is exactly how security breaches happen, in much the same way that your email servers dont use any security either. Are we really supposed to just accept this?
Given how lapse the security is & the now advertised risk you are presenting to your users, you seem to be painting an awfully big liability target on your back should anyone lose out if your databases of passwords or other information is ever compromised
