Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

unencrypted password reminder

  • 21-05-2011 4:51pm
    #1
    Registered Users, Registered Users 2 Posts: 41


    Hi All,

    I requested password for my online account on tesco.ie. and they sent me my username and original password!!


    What if their website is compromised, hackers will access to my details and passwords too.

    I know no website is safe, atleast not almost all, but many do some kinds of encryption like MD5 etc. where passwords are hashed and could not be reverted to original password.

    are these companies doing enough to protect the privacy of their customers in event like 'sony ps'?

    Should I delete my account on the websites,

    regards


Comments

  • Closed Accounts Posts: 14 Sigtran


    In some EU countries it is illegal not to NOT have passwords available in an unencrypted form :) I think France, UK & Ireland are on that list :) not sure about any others tho. In any case, if they are saving it in an unencrypted form, then yes, if the site is compromised, you password/username/whatever else they have on that DB will be known to the attackers.


  • Registered Users, Registered Users 2 Posts: 41 greenhouse1234


    Sigtran thanx for clairty.

    Atmost I ll delete my details from their website
    I ll contact Tesco and see what they say about their "privacy policy".



    regards


  • Registered Users, Registered Users 2 Posts: 295 ✭✭montreal2011


    Sigtran wrote: »
    In some EU countries it is illegal not to NOT have passwords available in an unencrypted form.

    In some EU countries it is illegal to have passwords available in an unencrypted form.

    Is this what you mean? If so,Tesco are not only lax but breaking the law. Good spot by greenhouse. I would expect that many companies are not taking proper care of data, such as an company that used the same developers as Tesco!


  • Closed Accounts Posts: 14 Sigtran


    @montreal2011 no, its illegal to encrypt passwords and not have a decrypted version somewhere. In Ireland/UK there is a law that requires you to unveil you password, if asked (tho it doesnt say which way you should store it, it would be illogical to store both versions. P.S. I only store encrypted passwords and that is breaking the law). I wouldnt be able to point at the act itself, as I dont remember exactly where it can be found, but it is there. In France its illegal to even encrypt most of the traffic (*banking applications /etc are still encrypted). In US, If they pass Obama's wiretap bill, every Internet application, web site DB /etc will have to be decryptable (e.g. law enforcement either has to have a decryption key, or it has to be a weak cypher, or your company is going to be bum banged).


  • Registered Users, Registered Users 2 Posts: 1,456 ✭✭✭FSL


    Hi All,

    I requested password for my online account on tesco.ie. and they sent me my username and original password!!


    You asked for your password. If they had sent you it in encrypted form it would have been of no use to you at all.


  • Advertisement
  • Closed Accounts Posts: 14 Sigtran


    @bedlam thanks for giving clear reference :) I was close enough :P read these back in the day, so some things have changed, but not drastically.

    @FSL there is usually a reset password form made :P


  • Registered Users, Registered Users 2 Posts: 1,456 ✭✭✭FSL


    [QUOTE=S
    @FSL there is usually a reset password form made :P[/QUOTE]

    To use a reset password form you require to know your existing password otherwise anyone could reset your password.


  • Closed Accounts Posts: 14 Sigtran


    @FSL nah, all you need is set it up, so it will send you a reset link to the registered e-mail, or ask for an answer to the secret question, or both. 100% tested and works just fine in 99% of cases (of course there people who dont know their e-mail address/passwords either, but come on!). What you are talking about is mostly used for changing password, not forgetting password forms.


Advertisement