The Web Services Report

Read all 'Passwords' posts in The Web Services Report
November 28, 2008 4:27 PM PST

A call for the end of plain text passwords

by Harrison Hoffman
  • 3 comments

One of the many examples of plain text passwords being transmitted through email.

Nothing strikes fear into our hearts like seeing one of our secret passwords, that we have guarded with our lives (well, maybe not so much), displayed in plain text. Even though you would be hard pressed to find anyone who approves of the practice, we find many websites that greet their new users with an email containing their super-secret password. As you open that email you almost feel betrayed. The password that you have worked so hard to protect is right there in front of your eyes.

Even if there is no significant security risk to transmitting passwords via plain text, it gives users the impression that security is not a top priority for the creators of the site. There is no reason for this practice to still be in existence today. Good password management technology for websites is very prevalent. If you can't build a proper password system for your site, just opt for using OpenID or another similar service.

I propose that all sites should have an automated password reset system that either allows the user to create a new password from an authentication link or through a one-time use password, sent to their email. Plain text passwords should never be displayed or sent through email.

No more excuses. Let's squash this lazy practice once and for all.

Topics:
Opinion
Tags:
Internet Security,
Passwords,
Email
Share:
Digg
Del.icio.us
Reddit
  • prev
  • 1
  • next
advertisement

15 sites that went kaput in 2009

Web sites launch all the time, but they also shut their doors. We highlight 15 that bit the dust this year.

Top 10 news stories of the decade

Let the debate begin: Was the iPhone more important than iTunes? Was anything bigger than Google finding a great business model? CNET offers its list of the 10 most important stories of the '00s.

About The Web Services Report

Harrison Hoffman is a tech enthusiast and co-founder of LiveSide.net, a blog about Windows Live. The Web Services Report covers news, opinions, and analysis on Web-based software from Microsoft, Google, Yahoo, and countless other companies in this rapidly expanding space. Hoffman currently attends the University of Miami, where he studies business and computer science.

Send Harrison an e-mail.
Follow Harrison on Twitter.
He is a member of the CNET Blog Network and is not an employee of CNET. Disclosure

Add this feed to your online news reader

The Web Services Report topics

Most Discussed

advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
CES 2010
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET