25

When you find out your password is unencrypted.

Comments
  • 15
    This is a headline waiting to break "all password data stolen from Aviva, a spokesperson said 'all customers are screwed'"
  • 18
    Passwords should never be encrypted. They should be salted and hashed. A bit of a nitpick I guess.
  • 6
    So who wants to bet they also don't validate their inputs and don't use prepared statements?
  • 5
    @iguana Oh, yeah, you're right. Don't know why I said encrypted! That's a bad idea when it comes to storing passwords.
  • 1
    Can't help but think this also means they're using string concatenation to build the insert sql, which is an injection waiting to happen
  • 0
    Unfortunately even some big finance companies store passwords unencrypted ...
Add Comment