The Perils of Passwords in Plain Text…
While talking with friends, I recently learned of some passwords being accessible in plain text in one of the applications that many of us have used at one point or another.
As time goes on and we have more and more hacked accounts and security breaches, I would hope that administrators and developers would grow smarter and not store passwords in plain text or make passwords available in plain text.
However, one of these guys just didn’t get it. When I brought up the issue to someone who’s familiar with the application, I got the “well why shouldn’t the admins see these passwords in plain text?” type of response. Really?!?
To me… if that password is stored in plain text, it’s only a matter of time before the system is compromised and that flaw in storage becomes an even more obvious flaw. If a password is getting delivered in plain text, why? Why isn’t there some sort of password reset mechanism so that the user/admin can reset the password without dealing with plain text passwords in emails?
I’m curious to see… what are your views of passwords and plain text? Do you personally think that your passwords should be shown in plain text to anyone? If so, who and why?
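As an illustration of the alternative raised above (no stored plain text, and a reset mechanism instead of emailed passwords), here is an added example that is not from the original post or from the application it discusses. The in-memory stores, function names, iteration count and 15-minute token lifetime are assumptions chosen for the sketch.

```python
import hashlib, hmac, secrets, time

USERS = {}         # username -> (salt, derived key); constructed in-memory store
RESET_TOKENS = {}  # sha256(token) -> (username, expiry); the raw token is never stored
TOKEN_TTL = 900    # seconds a reset link stays valid (assumed value)
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)

def _derive(password, salt):
    # One-way, salted, deliberately slow: an admin reading USERS sees no password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def set_password(user, password):
    salt = secrets.token_bytes(16)
    USERS[user] = (salt, _derive(password, salt))

def verify_password(user, password):
    if user not in USERS:
        return False
    salt, stored = USERS[user]
    return hmac.compare_digest(stored, _derive(password, salt))

def request_reset(user, now=None):
    """Return a single-use token to send to the user; only its hash is kept."""
    if user not in USERS:
        return None  # the caller should respond identically either way
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    RESET_TOKENS[digest] = (user, now + TOKEN_TTL)
    return token

def complete_reset(token, new_password, now=None):
    """Set a new password if the token is known and unexpired; the token is consumed."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = RESET_TOKENS.pop(digest, None)  # pop makes the token single-use
    if entry is None or now > entry[1]:
        return False
    set_password(entry[0], new_password)
    return True
```

With this layout, neither the password table nor the reset table contains anything a reader of the database could log in with directly.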