The Perils of Passwords in Plain Text…

While talking with friends, I recently learned of some passwords being accessible in plain text in one of the applications that many of us have used at one point or another.

As time goes on and we have more and more hacked accounts and security breaches, I would hope that administrators and developers would grow smarter and not store passwords in plain text or make passwords available in plain text.

However, one of these guys just didn’t get it. When I brought up the issue to someone who’s familiar with the application, I got the “well why shouldn’t the admins see these passwords in plain text?” type of response. Really?!?

To me… if that password is stored in plain text, it’s only a matter of time before the system is compromised and that flaw in storage becomes an even more obvious flaw. If a password is getting delivered in plain text, why? Why isn’t there some sort of password reset mechanism so that the user/admin can reset the password without dealing with plain text passwords in emails?

I’m curious to see… what are your views of passwords and plain text? Do you personally think that your passwords should be shown in plain text to anyone? If so, who and why?

3 thoughts on “The Perils of Passwords in Plain Text…

  1. chris bumgarner says:

    Concur. Admins don’t need to see cleartext passwords; they’re admins, they have super powers. Putting passwords in plain text for the sake of the admins just doesn’t make any sense.

    Passwords should never be stored in cleartext, they should be hashed and salted. Nor should passwords be sent over a network in cleartext. I can’t believe how many web sites still store usernames/passwords in cookies. Or how many web apps store the administrator password in a plain-text file on the server (how do these people have jobs?).

    One less common mistake is to store the passwords used in failed log-in attempts in plain text system logs. An attacker could view the logs and gain a lot of information about the password.

    I’m surprised you even had to have this discussion. Plain text passwords should not be the default option.

  2. Austin Z says:

    Tracking down these sort of things is one of the goals of a solid PCI audit; I actually had someone find a password inside un-reclaimed space for a virtual machine ( had to be found by sniffing the raw disk ). So the moral of the story is:
    If you leave passwords in plain text anywhere, someone who shouldn’t have them can ( and probably will ) find them.

    Study the anatomy of a great hack; it is not one fell swoop of cracking a system, but a relentless game of inches, compromising one part of the system after another until the whole thing is owned. Small system passwords open the door of access to the next set of exploitable code.

  3. Bill H says:

    I absolutly agree that passwords should never be stored in plaintext. The original Q was “passwords should be shown in plain text to anyone?”. I know of one web monitoring system that encrypts the passwords that users enter, and only decrypts it for members of the company’s Fraud Investigation teams. In one instance the Fraud Team forensically deconstructed a hacker’s attempts to gain access to a pro athlete’s bank account by repeated variations of publicly available information about the guy. So I would put out there that while I personally feel quesy about a Fraud Team member being able to see my password to their company’s web site, there is an argument to be made that the ability to decrypt and see a password is necessary for investigation of criminal activity.

Leave a Reply

Your email address will not be published. Required fields are marked *