
In this example, it was "just a blog" but there are serious sites that will email you your plain text password too. Verio stores two-way encrypted passwords, and domains are important to some people; they do get stolen and they are valuable, so this is a serious issue.

Security is very difficult. You can't treat it glibly. Your users deserve more respect than that.




Sure, anything that has sensitive information about you needs to treat security as a priority.

Most web apps (other than banks and people that store credit card data (not process)) are probably fine. Right?


That would be right if people didn't use the same email and password as their paypal account everywhere... But since a lot of people do, getting the security right on your web app is important.


aditya, from a developer perspective, I cannot think of any reason to ever store recoverable passwords in a database. It's just too easy to do a one-way hash.

Okay, there is only one reason, if you are building a system that allows the storage of multiple accounts and passwords that are "re-used" like in some browsers' auto-complete feature. Then the concern is security of the local machine and if you use that technology, you're increasing your personal risk.

In the scenario I mention there, it is absolutely imperative to use an advanced two-way encryption algorithm. In that case, the hacker will need to compromise the database and the code, which should be obfuscated as well so the decryption keys are more difficult to discover.

There are some hackers who will always be able to hack you and some that will never be able to hack you. It's a probability game and you want to reduce the probability as much as possible that anyone will get in...


Really?

I have a dozen reasons to have the passwords recoverable: when the angry big customer is having problems with the application and you need to access his account to reproduce the issue while on level 4 support, you really want to have the password straight away, and there are many other scenarios, like when you need to test something on a production server with some real data but cannot get access to any accounts, as it takes years in a big corp to have something done.

So from a developer's perspective, as opposed to the business/marketing side, I cannot think of any reason to ever store unrecoverable passwords in a database. Makes it easier to implement, easier to restore, easier to maintain, easier to test.


No, it's not fine. As the commenter above you said, your users deserve more respect than that. Most users, particularly unsophisticated users, re-use the same passwords across most or all of their accounts. It's a bad practice, but they do this because (among other reasons) they expect that the people who run the websites they use would have the minimum respect and courtesy to treat the passwords with a reasonable standard of care.

Storing the password unhashed (encrypted or plaintext) is NOT a reasonable standard of care.
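The developer's remark earlier in the thread that a one-way hash is "just too easy to do", and the point above that an unhashed store is not a reasonable standard of care, both come down to the same mechanics. The following is an added example written for this page, not code from any commenter or from any site discussed in the thread. It uses Python's standard-library PBKDF2-HMAC-SHA256 with a fresh random salt per record, a constant-time comparison on verification, a work-factor upgrade check, and a small offline-guessing routine that shows what an attacker holding a dumped table is reduced to. The iteration count, the record format and the function names are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import os

# Work factor for PBKDF2-HMAC-SHA256. The value is an assumption for this
# example; raise it as far as your login latency budget allows.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16
SCHEME = "pbkdf2_sha256"  # assumed record tag, not any library's standard format


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """One-way hash for storage. Returns a self-describing record of the
    (assumed) form  scheme$iterations$salt_b64$digest_b64  so the salt and
    work factor travel with the hash and can be upgraded later."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt per record
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([
        SCHEME,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def _parse(record: str):
    """Split a stored record; returns None for anything malformed."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != SCHEME:
        return None
    try:
        iterations = int(parts[1])
        salt = base64.b64decode(parts[2], validate=True)
        digest = base64.b64decode(parts[3], validate=True)
    except (ValueError, TypeError):
        return None
    if iterations <= 0 or not salt or not digest:
        return None
    return iterations, salt, digest


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and iteration count and compare in
    constant time, so a mismatch does not leak how many leading bytes matched."""
    parsed = _parse(record)
    if parsed is None:
        return False
    iterations, salt, digest = parsed
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def needs_rehash(record: str) -> bool:
    """True when a record was made with a weaker work factor than the current
    one; call after a successful login and re-store hash_password(password)."""
    parsed = _parse(record)
    return parsed is None or parsed[0] < PBKDF2_ITERATIONS


def offline_guess(record: str, candidates):
    """What an attacker holding a dumped record can do: try guesses, paying a
    full PBKDF2 run per guess. Returns the matching guess or None. With a
    reversible (two-way encrypted) store this loop is unnecessary; whoever
    obtains the key recovers every password at once."""
    for guess in candidates:
        if verify_password(guess, record):
            return guess
    return None


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")
    print(stored)
    print("login ok:", verify_password("correct horse battery staple", stored))
    print("wrong pw:", verify_password("Tr0ub4dor&3", stored))
    print("guessed:", offline_guess(stored, ["password", "letmein", "123456"]))
```

The salt means two users with the same password get different records, so a dump cannot be attacked with one precomputed table, and the iteration count sets the price of every guess. A hashed table still lets an attacker recover weak, guessable passwords, which is why the work factor matters and why a memory-hard function such as scrypt (also in `hashlib`) or Argon2 is the stronger choice for new systems; PBKDF2 is used here only because it ships with the standard library.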



