We wrote about PlainTextOffenders.com years ago but still tweet it every so often as a reminder. Someone on Twitter recently pointed out their hilarious Developer FAQ. Below are the first three questions; click the link at the bottom to see the entire list.
via Plain Text Offenders
We’ve rounded up a list of commonly asked questions by developers:
1. Why is storing a plain-text password bad?
We are not perfect, and as a result, the software we make is not perfect. It can – and probably will – be hacked at one point or another. Users use the same password for most of the services they use (let’s be honest, you do this too), so when your product gets hacked, you will be exposing your users to having most of their online accounts stolen.
2. But I need / Customer Service needs to see the password!
No, nobody should be able to see this information because it’s not yours to see. It’s your users’ information which they use to identify themselves to your product.
3. But I need to comply with [insert standard name] and it requires I have plaintext passwords!
No, your standard is a sham! No standard would ever require you to comply with such security anti-patterns. If they insist, send them our way and we’ll give them a good talking-to.
Today’s post pic is from PixaBay.com. See ya!