Bad Password Security

Twice recently I had to use the “I forgot my password” feature on websites. Normally I keep my login information in Password Safe but forgot to add these two sites. The two sites I am talking about are The Great Courses (aka The Teaching Company) and University Alliance. Why do I mention these sites? Because of bad password security.

When I used the forgot password option on both of these sites I received an email, in clear text (no encryption) with my password. Sensitive information should NEVER be sent via clear text email, and passwords should be stored as a hash+salt. I sent emails to both sites, but not expecting them to do much. Any component programmer or IT security person should have know this was bad and never allowed it to take place.

Bad companies, BAD!

Tags: , , ,

Comments are closed.