218
this post was submitted on 09 Feb 2024
218 points (97.4% liked)
Technology
58137 readers
4475 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Still, 2024 and they’re storing plaintext passwords?
I once had a professional licence that required me to register a whole bunch of personal info to a government website. I used a password generator to create a 32 character password when creating my account.
I tried to login after creating my account but my password wouldn't work. I hit "forgot my password" and got my password emailed to me in plain text. That alone was worrisome but then I realized my password wasnt working because they truncated it to 8 characters, which I'm assuming is the maximum password length.
I emailed their tech support about my concerns and they emailed back asking if I needed help to login. I said no, I had concerns over security and I never got a reply back. Every few months I'd hit "forgot my password" to see if anything changed. I always got my password emailed to me in plaintext.
Why in the hell are government and bank logins literally the least secure logins I have??
My bank doesn't let you set an actual password, only a 6 digit pin, and the only 2FA available is SMS codes. I have better security on Lemmy than I do for my fuckin' financial institution!
Yea, they do seem to be some of the worst offenders