Hacker News new | ask | show | jobs
by ninja_to_be 3974 days ago
A few examples of unacceptable practices followed by certain websites include:

- Sending your password to your email in plain text. - Allowing user to set new password just by answering simple personal details like DOB, Zip code etc which might be known to a number of your friends and family members.

Often it is simple enough to implement a password reset functionality with a reset-link that contains a GUID which expires after a certain period of time. It could be more secure, but is a tradeoff between providing greater security and a longer reset process.

One of the major risks of websites with very naive reset procedures is that many people use the same password with multiple websites. So if a user's password gets compromised on a site, then the attacker can easily try those passwords with other services and gain easy access to user data.
1 comments
LunaSea 3974 days ago
The real issue with getting your plain text password in an email is that it means the site is not hashing passwords at all.
link
otherusername2 3974 days ago
Only if the send you your old password. If they reset your password, they can send you the plaintext first, then hash the password and store it in the database.
link
jlarocco 3974 days ago
No. The problem is that email isn't encrypted on the backend. Sending a plain text password means every server between the website's SMTP server and your email provider's SMTP server can see the password.
link
NeutronBoy 3974 days ago
As opposed to what? Every server between the website's SMTP server and your email provider's SMTP server can see the password reset link?
link
ajanuary 3974 days ago
When implemented correctly, password reset links

a) Work once. If you click on a password reset link and it says it's already been used, you know something is up, v.s. someone using the plaintext password to log in before you and you are non the wiser.

b) Expire. Lot's of people won't bother changing the password that was given to them, so anyone who comes across a plaintext password in the email at a later date would be able to log in.

link
NeutronBoy 3974 days ago
Both of these things can be true with temporary plaintext passwords.
link
shkkmo 3974 days ago
Not quite true. A properly configured email server sending email to another properly configured email server should be using TLS to send the message:

http://superuser.com/questions/260002/why-are-email-transfer...

That still doesn't mean you should count on emails being encrypted between servers.

link