by danpalmer 4422 days ago
In the 1980s I don't think hashing passwords was common; it would have taken too much processing power, and the database fields on the mainframe don't support weird characters or a length of more than 8 characters.

I wish this wasn't the case, but these systems are so old behind the scenes that lots of it simply can't be changed without massive re-engineering. I have friends that work for a company who transfer COBOL applications from mainframes to JVM COBOL running on standard servers; it's a massive task, and takes years and lots of money.

2 comments

It will take these organisations years and lots of money to rebuild their reputations when their security malpractices catch up with them.
I would love this to be true, since it would basically double my net worth, but it's very rare for a security incident to kill a company. Target is the exception, and just required two human sacrifices.
It was standard to hash passwords in /etc/passwd back in the 1980s.

Still, when your PIN code is limited to 1 million combinations, all the hashing in the world isn't going to save you. You need to keep your DB secure, no matter what, and that's where resources were applied.