Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
nikmanG15287yI’ve said it once I’ll say it again, that sort of shit is what gets you on the front page of tech news within a month “Company X just had Y million accounts stolen with unhashed passwords and other information they shouldn’t keep in plaintext” (and of course haveibeenpwned will get a new entry)
-
c3ypt1c96547yHack Brief: Hackers Steal 15M T-Mobile Customers' Data From Experian
https://wired.com/2015/10/...
(they need to shut the fuck up) -
nikmanG15287y@c3ypt1c that was 2015. Been like 3 years, which is good timing if your mouth is that big.
-
VXYZ677yThat's insane lol, I wonder why they would do that. Especially with things like phone numbers being used to login to major sites like Facebook, and then you just cross check the passwords. Pretty foolish, but I honestly doubt they store them in plain text.
-
@VXYZ if they would store them encrypted there would be no possibility to decrypt them to show the first letters.
Except if they store the first few letters separately in plain text which would be also bad or if they use some synchron encryption with a key on their side which would be evil as well. -
plokko5807yThat's not only about security but also about privacy:
Even if you use different passwords for each service (something most of us don't do) you may use similar password patterns so you expect your password to be unreadable even for sysadmins or someone can misuse that info to breach into your other accounts -
arekxv10527yThere are only two types of systems:
Ones that have been hacked, and ones which haven't been hacked yet. :) -
plokko5807y@py2js ...instead of enforcing useless and boring popup if you use cookies like it was a kind of wodoo/evil black magic sort of thing
-
kLue2087yTheir PR rocks !!! "our security is amazingly good" ITS AMAZINGLY TRASHY when they store pw's in plain text ........ amazing saturday to wake up in :D :D :D
-
donuts236727y@maushax this is literally the answer i gave in my tech interview just now when they asked me a question about how to store passwords...
I m like... well i havent done it for years but i remember you set a passphrase and u use a SALT hasing function to encrypt the plain text password so when user logs in you check the hashed value against the hhashed value stored in DB.
Did i get that right?
Omg...
T-Mobile AT was asked, why they store passwords in plain text, and in a long discussion, they answered this (see img)
I don't know, if this is a late april fool...
rant
wtf why tmobile at