from here (source image)
thanks to dave lewis for tweeting this insanity. the password has a maximum length and can't contain special characters? yeah, that's because they're storing the passwords in plaintext (or reversibly encrypted, which is no better). a maximum length means the password is going into a fixed-width database column as-is, and banning special characters means they're pasting it straight into the SQL and are scared of injection. the real fix for injection is parameterized queries, not a character blacklist.
if they hashed the passwords like they're supposed to (salted, with a slow hash like bcrypt, scrypt or PBKDF2), neither of those problems would exist: a hash is the same fixed size no matter how long or weird the input is, and the thing hitting the database is the hash, not user-supplied text. and this from a supposed security company? more like an insecurity company. holy crap.
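to make the point concrete, here is an added example (mine, not code from the post or from the company in the screenshot) that does it the right way: salted PBKDF2-HMAC-SHA256 for storage and a parameterized INSERT/SELECT against an in-memory SQLite table. the table layout, the iteration count and the two test passwords (one 580 characters long, one stuffed with SQL metacharacters) are all constructed for the demo. the digest column is the same 32 bytes whichever password goes in, and the nasty one neither breaks the query nor touches the table.

```python
import hashlib
import hmac
import os
import sqlite3
from typing import Optional, Tuple

# Assumption: tune so one hash costs ~100 ms on the real hardware; PBKDF2 is
# used only because it ships in the standard library. bcrypt, scrypt or
# Argon2 are equally good choices.
ITERATIONS = 210_000
DIGEST_LEN = 32  # bytes, fixed regardless of password length or content


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). The digest is always DIGEST_LEN bytes, so the
    database column needs no per-password length limit at all."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS, dklen=DIGEST_LEN
    )
    return salt, digest


def open_db() -> sqlite3.Connection:
    """Constructed schema: only a salt and a digest are ever stored."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB NOT NULL, digest BLOB NOT NULL)"
    )
    return conn


def create_user(conn: sqlite3.Connection, name: str, password: str) -> None:
    salt, digest = hash_password(password)
    # Parameterized query: the driver never splices the values into the SQL
    # text, so quotes and semicolons in the password (or the name) cannot
    # change what the statement does.
    conn.execute(
        "INSERT INTO users (name, salt, digest) VALUES (?, ?, ?)", (name, salt, digest)
    )


def verify_user(conn: sqlite3.Connection, name: str, password: str) -> bool:
    row = conn.execute(
        "SELECT salt, digest FROM users WHERE name = ?", (name,)
    ).fetchone()
    if row is None:
        # Do the same amount of work for an unknown user so the response time
        # does not reveal whether the account exists.
        hash_password(password, b"\x00" * 16)
        return False
    salt, stored = row
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


def demo() -> dict:
    """Constructed inputs: a very long password and one full of SQL metacharacters."""
    conn = open_db()
    long_pw = "correct horse battery staple " * 20  # 580 characters
    nasty_pw = "'; DROP TABLE users; -- \"\\%<>"
    create_user(conn, "alice", long_pw)
    create_user(conn, "bob", nasty_pw)
    return {
        "digest_len_long": len(hash_password(long_pw)[1]),
        "digest_len_nasty": len(hash_password(nasty_pw)[1]),
        "alice_ok": verify_user(conn, "alice", long_pw),
        "bob_ok": verify_user(conn, "bob", nasty_pw),
        "bob_wrong": verify_user(conn, "bob", "password"),
        "nobody": verify_user(conn, "mallory", "x"),
        "users_table_intact": conn.execute("SELECT COUNT(*) FROM users").fetchone()[0],
    }


if __name__ == "__main__":
    print(demo())
```

the only thing a length limit buys you with a real KDF is protection against someone feeding a multi-megabyte "password" to burn CPU, and a cap of a few hundred or a few thousand characters handles that; a cap of 8 or 12 is a sign the password itself is being stored.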
3 comments:
This is so if you forget it they can email it to you.
and that is precisely the WRONG way to deal with forgotten passwords.
send a link (that can only be used once) to a change password feature rather than send the original password.
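the single-use reset link described in the reply above, as an added example (mine, not from the post): the server generates a random token, stores only its SHA-256 digest alongside the username and an expiry, emails the token in a link, and deletes the record the moment it is redeemed, so the link works exactly once and a leaked token table is useless to an attacker. the 15-minute lifetime, the injectable clock and the example.test URL are all assumptions made for the demo; the actual password change happens in the change-password feature after redeem() returns a username.

```python
import hashlib
import secrets
import time
from typing import Callable, Dict, Optional, Tuple

TOKEN_TTL = 15 * 60  # seconds; assumption for the demo


def _digest(token: str) -> str:
    # Store only a hash of the token: if the table leaks, the links are useless.
    return hashlib.sha256(token.encode("ascii")).hexdigest()


class ResetTokenStore:
    """Constructed in-memory store of outstanding reset tokens."""

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._clock = clock
        self._tokens: Dict[str, Tuple[str, float]] = {}

    def issue(self, username: str) -> str:
        """Create a fresh token for the user and return it for the emailed link."""
        token = secrets.token_urlsafe(32)  # 256 bits of randomness, unguessable
        self._tokens[_digest(token)] = (username, self._clock() + TOKEN_TTL)
        return token

    def redeem(self, token: str) -> Optional[str]:
        """Return the username if the token is valid, consuming it so it cannot be
        reused. Expired and unknown tokens return None."""
        entry = self._tokens.pop(_digest(token), None)  # pop: single use
        if entry is None:
            return None
        username, expires = entry
        if self._clock() > expires:
            return None
        return username

    def revoke_all(self, username: str) -> None:
        """Call after a successful password change so older links die too."""
        self._tokens = {k: v for k, v in self._tokens.items() if v[0] != username}


def build_reset_link(base_url: str, token: str) -> str:
    # What goes in the email: a link to the change-password page, never the password.
    return f"{base_url}/reset?token={token}"


def demo() -> dict:
    now = [1_000_000.0]  # controllable clock so expiry can be exercised offline
    store = ResetTokenStore(clock=lambda: now[0])

    token = store.issue("alice")
    link = build_reset_link("https://example.test", token)
    first = store.redeem(token)       # works once
    second = store.redeem(token)      # same link again: refused

    token2 = store.issue("bob")
    now[0] += TOKEN_TTL + 1           # let it expire
    expired = store.redeem(token2)

    forged = store.redeem(secrets.token_urlsafe(32))  # guessing is hopeless

    token3 = store.issue("carol")
    store.revoke_all("carol")          # e.g. password changed through another link
    revoked = store.redeem(token3)

    return {
        "link_carries_token": token in link,
        "first": first,
        "second": second,
        "expired": expired,
        "forged": forged,
        "revoked": revoked,
    }


if __name__ == "__main__":
    print(demo())
```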
Ah, yes, well, you missed the next four lines of my comment because I used angle-brackets, which is not good here.
{facedesk}
{facedesk}
{facedesk}
{facedesk}