You’d think, with all the recent hype about security scandals, missing briefcases and phishing attacks, people would be just a little bit more sensible about how they deal with usernames and passwords.
The correct way to do things…
You sign up for a site, your password is transmitted securely and stored in a form that cannot be reversed (a one-way hash, not recoverable encryption). There is no way to ‘retrieve’ a forgotten password: that is it, it will never come out of the database in a readable format. To reset your password in this scenario, you receive a new, randomly generated password after providing some details – something of that sort.
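What that looks like in code, as an added example (not from the original post): a small in-memory account store that keeps only a salt and a PBKDF2-HMAC-SHA256 hash per user, verifies logins in constant time, and implements “reset” by issuing a fresh random password rather than recovering the old one. The class, the 600,000-iteration work factor and the sample username are assumptions chosen for the illustration; only `hashlib`, `hmac`, `os` and `secrets` from the standard library are used.

```python
import hashlib
import hmac
import os
import secrets

# Work factor for PBKDF2-HMAC-SHA256 (assumed value; tune for your hardware).
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16
DUMMY_SALT = b"\x00" * SALT_BYTES  # used to keep timing uniform for unknown users


def _derive(password: str, salt: bytes) -> bytes:
    """One-way key derivation: the stored value cannot be turned back into the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class PasswordStore:
    """Hypothetical account store: username -> (salt, hash). Nothing recoverable is kept."""

    def __init__(self) -> None:
        self._users: dict[str, tuple[bytes, bytes]] = {}

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(SALT_BYTES)  # per-user random salt defeats precomputed tables
        self._users[username] = (salt, _derive(password, salt))

    def verify(self, username: str, password: str) -> bool:
        record = self._users.get(username)
        if record is None:
            # Do the same amount of work so a missing user is not distinguishable by timing.
            _derive(password, DUMMY_SALT)
            return False
        salt, stored = record
        # Constant-time comparison avoids leaking how many leading bytes matched.
        return hmac.compare_digest(stored, _derive(password, salt))

    def reset(self, username: str) -> str:
        """Issue a new random password and discard the old hash.

        There is deliberately no retrieve(): the old password is not stored anywhere.
        In a real system the caller would first check the user's proof of identity and
        deliver this value once, over a channel the user controls.
        """
        if username not in self._users:
            raise KeyError(username)
        new_password = secrets.token_urlsafe(12)  # ~96 bits from a CSPRNG
        self.register(username, new_password)
        return new_password

    def stored_record(self, username: str) -> str:
        """What an attacker who reads the database sees: salt and hash, hex-encoded."""
        salt, digest = self._users[username]
        return f"{salt.hex()}:{digest.hex()}"


if __name__ == "__main__":
    store = PasswordStore()
    store.register("JoeBloggs", "paSSword25")   # sample credentials, constructed for the demo
    print("login ok:", store.verify("JoeBloggs", "paSSword25"))
    print("wrong pw:", store.verify("JoeBloggs", "password25"))
    print("db row:  ", store.stored_record("JoeBloggs"))
    fresh = store.reset("JoeBloggs")
    print("old pw after reset:", store.verify("JoeBloggs", "paSSword25"))
    print("new pw after reset:", store.verify("JoeBloggs", fresh))
```

The point of `stored_record` is to show what a database dump would actually contain: a salt and a digest, neither of which can be mailed back to the user or reused elsewhere. A production system would use Argon2id or scrypt where available and rate-limit `verify`, but the shape of the design is the same.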
The wrong way to do things…
You sign up for a site, check your inbox, and find an email: ‘Dear user, thank you for signing up with us. Your username is JoeBloggs and your password is paSSword25. We hope you have a secure inbox, because we don’t have a secure system!’ (I added the last bit)
Your email, sent unencrypted in most cases, could easily be intercepted. Once it is, and assuming you reuse passwords like the rest of us, the hacker has access to a great many, if not all, of the sites you’ve ever signed up to, along with whatever details you have submitted to them.
What’s more, the database itself uses a reversible encryption method (or is it just stored in a plain-text file, maybe? Why make it difficult, after all…) – so a dedicated hacker can take all of those lovely passwords.
The message to developers: if you’re setting up a username and password system, there is no excuse not to research security. If you email me my password, I will put you on my blacklist, which is available here.