Thread: liability for storing member passwords unencrypted?
View Single Post
Old 12-11-2014, 07:01 AM  
aka123
Confirmed User
 
aka123's Avatar
 
Industry Role:
Join Date: Jul 2014
Location: 64 00 N, 26 00 E
Posts: 4,450
Quote:
Originally Posted by pompousjohn View Post
I don't know how they are stored, but I all the systems I use allow me to see the passwords of surfers.

Nats, Netbilling, allow me to see it. I just realize I mis-spoke regarding Mechbunny, I cannot see the password there (5.0.6). The camscript also hides it.

My point is that all the passwords secure is my content. So I don't know what my liability to the user is if someone gets ahold of "his" password and sees MY content. I mean sure that's potentially a loss for me, but what are the user's damages? I am guessing zero?
Users damages? I am not security expert, but based on main media news the urser's damage is that the hacker uses the password to all other services where that user has the same password. I don't know about your country, but in many countries you also have oblication to tell to customers that their passwords were stolen. I don't see that being so good for your business.
__________________
aka123 is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote