Unencrypted passwords!
19-01-2012 9:04 AM
So, while I was on the forum I thought I'd see if I was still getting any referrals, but had forgotten my password.
Click the link, and it shows you your password! WTF!
Why are you storing customer passwords in plaintext!
Ben
Re: Unencrypted passwords!
19-01-2012 9:30 AM
As far as I'm aware the passwords are *not* stored in plain text, they are encrypted and the link you are sent via email will show you the unencrypted password when clicked.
Former Plusnet Staff member. Posts after 31st Jan 2020 are not on behalf of Plusnet.
Re: Unencrypted passwords!
19-01-2012 9:41 AM
Quote from: Chris As far as I'm aware the passwords are *not* stored in plain text, they are encrypted and the link you are sent via email will show you the unencrypted password when clicked.
Which would mean the encryption key is available to the webapp, so may as well not be encrypted. Anyone who gets access to the web servers can decrypt all the passwords anyways.
Certainly not best practice, it should be one way encrypted and a forgotten password link should allow a new password to be set.
Ben
Re: Unencrypted passwords!
19-01-2012 9:57 AM
Hi Ben,
The one way encryption is something we have thought about and looked into, but due to the way that passwords sync across mail, webspace, adsl etc it's a very very very large piece of work as every password reset would then have the likelihood of a call into the support centre.
Former Plusnet Staff member. Posts after 31st Jan 2020 are not on behalf of Plusnet.
Re: Unencrypted passwords!
19-01-2012 10:17 AM
A significant problem is that the same password is used for the portal and for the login in your router. Reset the portal password with a forgotten password link and if they try a reconnect without resetting the password in the router they will not be able to connect.
However there is an even worse problem than that. Resetting the portal password will also reset the password on their default mailbox. This means they won't be able to collect the email to find out what the new password is!
jelv (a.k.a Spoon Whittler) Why I have left Plusnet (warning: long post!) Broadband: Andrews & Arnold Home::1 (FTTC 80/20) Line rental: Pulse 8 Home Line Rental (£14.40/month) Mobile: iD mobile (£4/month)