"Valued Opinions" website and security of password information

Forums › IT Pro and developers › "Valued Opinions" website and security of password information

jonathan18

7415 posts

Uber Geek
+1 received by user: 2850

ID Verified

Trusted

#111367 31-Oct-2012 21:26

Hi

I'm unsure if any other readers have come across the "Valued Opinions" website; basically you earn some form of credit for completing surveys. Now, I went ahead and created an account on the site with an awareness of the degree of information such a site ends up collecting on an individual, but I was surprised by one key thing - the password I entered was included in the email that confirmed my membership.

How kosher is this practice? I understand the risks inherent in sending such sensitive information over an insecure form such as email, but does this also necessarily mean that the password itself hasn't been stored encrypted?

Cheers
Jonathan

itxtme

2102 posts

Uber Geek
+1 received by user: 557

#710082 31-Oct-2012 21:45

It doesnt mean its not encrypted, but encryption is reversible hashing is meant to be irreversible, and it doesnt mean that hasnt occured. Before they hash and save a password they can hold that variable to use in the email, and then discard it. You are right, it is poor practice but we can only speculate on their security measures...

jbard

1377 posts

Uber Geek
+1 received by user: 17

#710110 31-Oct-2012 22:21

Having just signed up and then followed the "Forgotten my password link"

I can confirm my password was sent to me in the email so either they are storing passwords in plain text or reversible encryption.

Either one is shocking security practice and I would delete your account or at the very least change your password.