Omg...
T-Mobile AT was asked, why they store passwords in plain text, and in a long discussion, they answered this (see img)

I don't know, if this is a late april fool...

I’ve said it once I’ll say it again, that sort of shit is what gets you on the front page of tech news within a month “Company X just had Y million accounts stolen with unhashed passwords and other information they shouldn’t keep in plaintext” (and of course haveibeenpwned will get a new entry)

Hack Brief: Hackers Steal 15M T-Mobile Customers' Data From Experian

https://wired.com/2015/10/...

(they need to shut the fuck up)

@nikmanG this already happened

@c3ypt1c that was 2015. Been like 3 years, which is good timing if your mouth is that big.

...

@MurmeltierS they deserved to get hacked again for that attitude.

this literally can cause you to rant in ultra instinct

Oh dear, I use T-Mobile.

That's insane lol, I wonder why they would do that. Especially with things like phone numbers being used to login to major sites like Facebook, and then you just cross check the passwords. Pretty foolish, but I honestly doubt they store them in plain text.

@VXYZ if they would store them encrypted there would be no possibility to decrypt them to show the first letters.
Except if they store the first few letters separately in plain text which would be also bad or if they use some synchron encryption with a key on their side which would be evil as well.

@Root does this mean that the root password os stored om clear text? 😰

That's not only about security but also about privacy:
Even if you use different passwords for each service (something most of us don't do) you may use similar password patterns so you expect your password to be unreadable even for sysadmins or someone can misuse that info to breach into your other accounts

Storing passwords in hashed form only should be a rule

@py2js You mean a law?

@finiteAutomaton yep yep law, strict law. Sorry for wrong words

There are only two types of systems:
Ones that have been hacked, and ones which haven't been hacked yet. :)

@py2js ...instead of enforcing useless and boring popup if you use cookies like it was a kind of wodoo/evil black magic sort of thing

Their PR rocks !!! "our security is amazingly good" ITS AMAZINGLY TRASHY when they store pw's in plain text ........ amazing saturday to wake up in :D :D :D

Kathe is a recruiter really.

Oh my word. Someone please tell me this is a joke... 🙈

Just going to leave this here https://mobile.twitter.com/hanno/...

@nikmanG omfg this is ridiculous

Austrians...

20 minutes before disaster

@maushax this is literally the answer i gave in my tech interview just now when they asked me a question about how to store passwords...

I m like... well i havent done it for years but i remember you set a passphrase and u use a SALT hasing function to encrypt the plain text password so when user logs in you check the hashed value against the hhashed value stored in DB.

Did i get that right?