6 Password Security Essentials For Developers
Solving the weak password challenge requires more than having consumers create strong passwords. Many businesses also need to get a clue about what counts as safe, weak, encrypted, or secure
Does one of the world's largest grocery chains have a clue when it comes to online password security?
That's one obvious question after London-based Web developer Dan Blows tweeted his discovery that grocery and merchandising retailer Tesco--based on its revenue, the fourth-largest retailer in the world--"stores their website passwords unsalted, and emails them unencrypted."
What's wrong with that? In the eyes of information security experts, emailing plaintext passwords to customers undercuts any other password security mechanisms that might be in place. Plaintext passwords can be intercepted by wireless data sniffers, retrieved from PC hard drives, often intercepted using Firesheep, or lifted from hacked email accounts....