Plain Text Offenders FAQ

We wrote about Plain Text Offenders years ago but still continue to tweet it every so often just as a reminder. Someone on Twitter recently pointed out their hilarious Developer FAQ. Below are the first three, but click the link at the bottom to see the entire list.

via Plain Text Offenders

We’ve rounded up a list of commonly asked questions by developers:

1. Why is storing a plain-text password bad?

We are not perfect, and as a result, the software we make is not perfect. It can – and probably will – be hacked at one point or another. Users use the same password for most of the services they use (let’s be honest, you do this too), so when your product gets hacked, you will be exposing your users to having most of their online accounts stolen.

2. But I need / Customer Service needs to see the password!

No, nobody should be able to see this information because it’s not yours to see. It’s your users’ information which they use to identify themselves to your product.

3. But I need to comply with [insert standard name] and it requires I have plaintext passwords!

No, your standard is a sham! No standard would ever require you to comply with such security anti-patterns. If they insist, send them our way and we’ll give them a good talking-to.

Continued here.


