Phred (5358)
  fredNO@SPAMtaperfriendlymusic.org
http://www.redhotpenguin.com/

Fred is a Perl and PostgreSQL geek. He has made some very small contributions to a few cpan modules and mod_perl.

Journal of Phred (5358)

Monday April 28, 2008
12:03 PM

Typepad password blunder

[ #36260 ]

I discovered today that TypePad.com is another website that, if you request a password reset, sends you your current password in plain text, which means it is either stored unencrypted in their database, or it is encrypted symmetrically (whoever steals their key gets all the passwords for the price of one).

Every time I see someone do this I am alarmed. My password shouldn't be in plain text anywhere except on my computer (here it is in plain text going over the wire and possibly in their database also). TypePad is a professional web service with millions of users, and they don't have a password recovery system that even pretends to be secure?
