OT: Unhashed passwords

Myles Braithwaite me-qIX3qoPyADtH8hdXm2+x1laTQe2KTcn/ at public.gmane.org
Tue Jul 5 14:38:59 UTC 2011


On Tue, Jul 5, 2011 at 9:43 AM, Tyler Aviss <tjaviss-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> Anyone know if there's a listing of sites/domains that keep user passwords
> in an unhashed form?
>
> I just noticed that webex has a link to retreive (not reset) my password.
> Sad to see that decent-sized companies often still haven't figured out the
> simply security precautions that I've seen in even tiny startups.
>
> It would be nice to keep track of such places so that I can ensure using a
> more "throwaway" variety of passwords...

Not really most web sites don't say if they are hashing their
passwords or ever what hash they might use.

Plain Text Offenders <http://plaintextoffenders.com/> is a good place
to start by looking at services that will send you a email with your
password unencrypted. The "offenders" probably are store your password
in plain text.

-- 
Myles Braithwaite
http://mylesbraithwaite.com | me-qIX3qoPyADtH8hdXm2+x1laTQe2KTcn/@public.gmane.org
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists





More information about the Legacy mailing list