
The shock of seeing your password in clear text

Posted by zarar on August 22, 2006 at 5:50 AM PDT

A sick feeling encompasses my soul, a wretched sickness comes over me as I sit there staring at this violation of even the simplest of courtesies. I examine it closely and sure enough, it is there, in clear text mocking me, laughing at me, just as I had typed it - letter for letter, digit for digit. No sense of regard showed on the part of the offender, in this case XDoclet's JIRA.

So hard have I worked to come up with a word at least eight characters long, containing a digit, an uppercase letter, a symbol and one that I won't forget, and you have to ruin it all by sending it to me in clear text over email? Especially when the password-o-meter told me I had chosen a great password. Why, I ask, why?

The first thing that comes to mind is that this sacred phrase is most likely stored in a cheap MySQL database without being md5'd. This alone is enough to warrant public execution, but I'll let this pass as we live in times where acts of such vileness are tolerated. Who has access to my sacred word? Well, in this case it's the JIRA admin. I know he's (she's?) sitting there on those lonely nights just going through the list of the poor souls he has seduced into supplying him with the key to their lives. I've also been naive (stupid?) enough to supply the same password I use for my email, youtube, home computer and, most importantly, bank. Yes, it is my fault; I have shown too much faith in common technology courtesy and will be punished for it by the JIRA admin finding out all about my porn stash.

My best judgment on why these sites don't encrypt passwords is that a) they're lazy, b) they don't know how, c) they want the user to have a copy of the password in case they supplied a really made-up one and will forget it instantly. Let
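The storage the post complains about, beside what it should have been, as an added example that is not part of the original post: the site keeps only a salted, iterated hash of each password, so it can still check a login but has nothing to mail back, and a "forgot password" request can only produce a reset token. The user names, the shared password and the PBKDF2 work factor are constructed for the example.

```python
# Added example (not from the original post): a user store that keeps a salted,
# iterated PBKDF2 hash instead of the password, so there is nothing to e-mail.
import hashlib
import hmac
import os
import secrets

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor; raise as hardware improves


def hash_password(password: str, salt: bytes = b"") -> dict:
    """Return the stored record {salt, hash, iterations}; the password itself is not kept."""
    salt = salt or os.urandom(16)  # per-user random salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": ITERATIONS}


def verify_password(record: dict, candidate: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"),
        bytes.fromhex(record["salt"]), record["iterations"],
    )
    return hmac.compare_digest(digest.hex(), record["hash"])


def unsalted_md5(password: str) -> str:
    """What the post calls being 'md5'd': every user with this password gets the same digest."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def forgot_password(users: dict, username: str) -> str:
    """A site that stores only hashes cannot mail the password back; it issues a one-time reset token.
    (Constructed: a real site would store the token with an expiry and send it out of band.)"""
    if username not in users:
        return ""  # same outward behaviour whether or not the account exists
    return secrets.token_urlsafe(32)


# Constructed sample: two users who happened to pick the same password.
USERS = {
    "alice": hash_password("Gr8!Passw0rd"),
    "bob": hash_password("Gr8!Passw0rd"),
}
```

With salts, the two identical passwords produce different stored hashes, whereas the unsalted md5 the post mentions would expose the match to anyone reading the table.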
