Storing Clear-text Passwords

The other day I called a large company that maintains my personal and credit card information (along with that of about five million other Americans) and learned that the customer service agent could help me log in to my account by telling me the password that I had previously set. Surprised, I asked "You can see my password?", to which she replied "I can see everything!"! (I know that these exclamation marks look silly, but they really did occur on both ends.)

I'm amazed that any organization, especially one involved in e-commerce, would store passwords as clear-text. Maybe there isn't enough written about this flawed approach to password management. I was able to find some blogs extolling the virtues of storing passwords as hashes, but only a couple of professional sites that go into any real detail:

This makes me wonder how many other online retailers store passwords in the clear, and what we can do about educating developers and their organizations about this practice.
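To make the contrast concrete, here is an added example (not code from the original post or from the company described) of the two designs side by side: a store that keeps the password itself, which is exactly what lets a customer service agent read it back, and a store that keeps only a per-user random salt and a slow salted hash, so that the row reveals nothing usable and verification is the only thing the system can do with it. It uses PBKDF2-HMAC-SHA256 from Python's standard library; the iteration count, salt length and class names are assumptions chosen for the example, not anything the post specifies.

```python
import hashlib
import hmac
import os

# Assumed parameters for the example. Raise the iteration count to whatever
# your production hardware tolerates; the point is that each guess is slow.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16
HASH_BYTES = 32


def _derive(password: str, salt: bytes) -> bytes:
    """Slow, salted key derivation: the only thing ever written to the row."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=HASH_BYTES
    )


class ClearTextStore:
    """The flawed design from the post: the password itself is stored, so anyone
    with read access to the table (a CSR, a backup tape, whoever dumps the
    database) can read every customer's password."""

    def __init__(self) -> None:
        self._rows: dict[str, str] = {}

    def register(self, username: str, password: str) -> None:
        self._rows[username] = password

    def verify(self, username: str, password: str) -> bool:
        return self._rows.get(username) == password

    def what_a_csr_sees(self, username: str) -> str:
        # The secret itself comes back: "I can see everything!"
        return self._rows[username]


class HashedStore:
    """Stores (salt, hash) only. Nothing in the row can be handed to a caller,
    and two users with the same password get different rows because of the salt."""

    def __init__(self) -> None:
        self._rows: dict[str, tuple[bytes, bytes]] = {}
        # Constructed dummy row so an unknown username costs the same work as a
        # wrong password (avoids leaking which usernames exist via timing).
        self._dummy = (os.urandom(SALT_BYTES), os.urandom(HASH_BYTES))

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(SALT_BYTES)
        self._rows[username] = (salt, _derive(password, salt))

    def verify(self, username: str, password: str) -> bool:
        salt, stored = self._rows.get(username, self._dummy)
        candidate = _derive(password, salt)
        # Constant-time comparison, and False for unknown users regardless of input.
        return hmac.compare_digest(candidate, stored) and username in self._rows

    def what_a_csr_sees(self, username: str) -> str:
        # Only opaque bytes: useful for verification, useless for reading the password.
        salt, digest = self._rows[username]
        return f"salt={salt.hex()} hash={digest.hex()}"


def demo() -> dict:
    """Register the same constructed password in both stores and report what an
    agent with read access would see from each."""
    clear, hashed = ClearTextStore(), HashedStore()
    for store in (clear, hashed):
        store.register("alice", "correct horse battery staple")
    return {
        "clear_text_row": clear.what_a_csr_sees("alice"),
        "hashed_row": hashed.what_a_csr_sees("alice"),
        "hashed_login_ok": hashed.verify("alice", "correct horse battery staple"),
        "hashed_login_wrong": hashed.verify("alice", "wrong password"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The hashed store still lets the system answer "did the customer type the right password?", which is all authentication needs; what it cannot do is answer "what is the customer's password?", which is the question the agent in the story was able to answer. Account recovery then has to go through a reset flow or the separate recovery questions, never through reading the credential back.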

It's possible the passwords are *stored* encrypted... but then *conveniently decrypted* for any CSR who happens to want to see them. ;-)

True, I have to admit that this didn't occur to me. I believe that the best practice is to store hashed passwords and also maintain a set of password recovery questions and answers for this type of use. I think of passwords as something only known by me and used by systems for authentication only--if only the world were so perfect.
