Mike Walker
Contributor
I'm currently in the process of improving my personal password practices, which involves creating unique randomized passwords for every site.
While updating my password for Aggressor, however, I ran into something interesting: my old password displayed back to me in clear text completely unprompted. This is a very, very bad indicator and suggests that their site is storing passwords either unencrypted or with reversible encryption and potentially poses a security risk for everyone who uses the site (i.e. if they get compromised your password is now freely available to whoever did the hack - if you've reused that password you then have big issues; also, their staff can potentially view your password). One has to wonder if credit card data is treated similarly?
Anyways, they would hardly be the first to do this... reality is, your data is probably already compromised by one of the many breaches that have happened in the past from much bigger companies (if you do reuse passwords). The process to fix this is labour intensive (and what I'm doing right now). But, for those concerned with password best practices and general online security you may want to review what data you have stored in their system.
(Happy to be proven wrong here, but on the surface it does not look like good practices are being followed)
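The difference between reversible storage and a salted one-way hash, as an added example that is not part of the original post and is not Aggressor's code. The XOR routine is a constructed stand-in for any reversible scheme; the function names, sample password and scrypt parameters are assumptions.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed values for this sketch)
N, R, P, DKLEN = 2**14, 8, 1, 32


def store_reversible(password: str, key: bytes) -> str:
    """Stand-in for 'reversible encryption': whoever holds the key can undo it."""
    data = password.encode()
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data)).hex()


def recover_reversible(blob: str, key: bytes) -> str:
    """What a site must be able to do in order to show the old password back."""
    data = bytes.fromhex(blob)
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data)).decode()


def store_hashed(password: str) -> dict:
    """Salted one-way hash: the record holds no recoverable password."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)
    return {"salt": salt.hex(), "hash": digest.hex()}


def verify_hashed(candidate: str, record: dict) -> bool:
    """The only operation the site needs: check a login attempt."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.scrypt(candidate.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


if __name__ == "__main__":
    password = "constructed-Passw0rd!"  # constructed sample value
    server_key = os.urandom(16)         # key kept by the site in the reversible case

    blob = store_reversible(password, server_key)
    print("reversible store gives back:", recover_reversible(blob, server_key))

    record = store_hashed(password)
    print("hashed record:", record)
    print("login check passes:", verify_hashed(password, record))
    print("wrong password passes:", verify_hashed("guess", record))
```

A site that stores only the hashed record can confirm a login but has nothing to display on a change-password form, which is why seeing the old password in clear text points to the first kind of storage.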