quickview

6 Password Security Essentials For Developers

Mathew J. Schwartz

See more from
Connect directly with : Bio  |  Contact

Solving the weak password challenge requires more than having consumers create strong passwords. Many businesses also need to get a clue about what counts as safe, weak, encrypted, or secure

By Mathew J. Schwartz |  InformationWeek, August 17, 2012

Does one of the world's largest grocery chains have a clue when it comes to online password security?

That's one obvious question after London-based Web developer Dan Blows tweeted his discovery that grocery and merchandising retailer Tesco--based on its revenue, the fourth-largest retailer in the world--"stores their website passwords unsalted, and emails them unencrypted."

What's wrong with that? In the eyes of information security experts, emailing plaintext passwords to customers undercuts any other password security mechanisms that might be in place. Plaintext passwords can be intercepted by wireless data sniffers, retrieved from PC hard drives, often intercepted using Firesheep, or lifted from hacked email accounts.

...
Read full story on InformationWeek
Mathew J. Schwartz

See more from
Connect directly with : Bio  |  Contact

Related Reading

News

Commentary

Most Popular

On the Web

More On the Web»

Slideshow




InformationWeek encourages readers to engage in spirited, healthy debate, including taking us to task. However, InformationWeek moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. InformationWeek further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.