undefined | Better HN

0 pointsalexmuller14y ago0 comments

Not exactly a list, but: http://plaintextoffenders.com/

0 comments

As I'm sure you noticed, many of those sites are putting the password in the welcome/verification email, but this is not the same as actually storing it as plaintext in their database. The thing to look out for is your old password in password reset emails, not welcome emails.

And another one to add to the list: my brother's small business uses British Telecom for email hosting. Their control panel stores the password in plaintext.

alinajaf14y ago

> The thing to look out for is your old password in password reset emails, not welcome emails.

What's the use of encrypting your passwords when you're broadcasting them to every mail server between your and your customer?

j / k navigate · click thread line to collapse

0 comments

robtoo14y ago

And another one to add to the list: my brother's small business uses British Telecom for email hosting. Their control panel stores the password in plaintext.

alinajaf14y ago

> The thing to look out for is your old password in password reset emails, not welcome emails.

What's the use of encrypting your passwords when you're broadcasting them to every mail server between your and your customer?

j / k navigate · click thread line to collapse