Hacker News new | ask | show | jobs
by invisiblea 2765 days ago
That list is very out of date. One of my clients appears on there and when we took over in 2012 we encrypted all their user credentials.
3 comments
whyever 2765 days ago
Their FAQ [1, 2] suggests that using an encrypted password still warrants an entry.

[1] http://plaintextoffenders.com/faq/devs

[2] http://plaintextoffenders.com/faq/non-devs

link
ygra 2765 days ago
Encrypting passwords isn't really much better, though, is it? It's still reversible as there has to be a key somewhere.
link
bausshf 2761 days ago
Well you took over and did a terrible job.

Hash passwords, not encrypt.

An encryption is reversible, a hash result isn't.

link