Wednesday, August 01, 2012

Lessons in website security anti-patterns by Tesco

Troy Hunt: Lessons in website security anti-patterns by Tesco is pretty entertaining. It starts from this tweet: "Passwords are stored in a secure way. They're only copied into plain text when pasted automatically into a password reminder mail."

There's a lot of irony in the article, so if you're not particularly knowledgeable on the topic you might miss some of the snark. If passwords were really stored securely, they wouldn't be able to email them to you when you forget them. Instead they would create a new (one-use) temporary password, send that to you, and then make you create a new one as soon as you log in.
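A minimal sketch of that flow, added here as an illustration and not taken from Troy Hunt's article or from any real site's code: the store keeps only a salted one-way hash, so a forgotten password can only be replaced, never mailed back. The class and method names are hypothetical, and PBKDF2 with the iteration count shown is this example's choice.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor for this example

def derive(password: str, salt: bytes) -> bytes:
    """Salted, slow, one-way hash: the stored value cannot be turned back into the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

class AccountStore:
    def __init__(self):
        self.users = {}    # username -> {"salt", "hash", "temporary"}
        self.pending = {}  # change token -> username (after a temp-password login)

    def set_password(self, user, password, temporary=False):
        salt = secrets.token_bytes(16)
        self.users[user] = {"salt": salt, "hash": derive(password, salt), "temporary": temporary}

    def forgot_password(self, user):
        """Return a fresh random temporary password to mail out; the old one is never recovered."""
        if user not in self.users:
            return None
        temp = secrets.token_urlsafe(12)
        self.set_password(user, temp, temporary=True)
        return temp

    def login(self, user, password):
        """Return ("ok", None), ("must_change", token) or ("denied", None)."""
        rec = self.users.get(user)
        if rec is None or not hmac.compare_digest(derive(password, rec["salt"]), rec["hash"]):
            return ("denied", None)
        if not rec["temporary"]:
            return ("ok", None)
        # One use only: burn the temporary password, hand back a token for the forced change.
        rec["hash"] = secrets.token_bytes(32)
        token = secrets.token_urlsafe(16)
        self.pending[token] = user
        return ("must_change", token)

    def complete_change(self, token, new_password):
        """Set the user's new password; the change token itself also works only once."""
        user = self.pending.pop(token, None)
        if user is None:
            return False
        self.set_password(user, new_password)
        return True
```

Expiry of the temporary password and rate limiting of reset requests are not modelled here.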
