What's new
By:
Filters
Roleplay UK

Join the UK's biggest roleplay community on FiveM and experience endless new roleplay opportunities!

RE: One Login Users

Wow. For a company that's literally paid to secure passwords, they done fucked up bad. Why on earth would they ever store passwords in plain text anywhere in their logs? Literally just asking for a breach.

I assume this means that their own staff could also see plaintext passwords of all users in the logs... which is just... wow.

Lucky for me I don't trust other companies to manage any secure data for me. Well, nothing so secure as every fucking password I have at least xD

 
Loooooooooooooooooool we nearly used these people as a SSO service.

 
CMO Marc Smith said:
If one of the biggest ones does shit like that, I wouldn't trust any of them xD
Click to expand...
It talks about their 'Secure Notes' facility, which i'm guessing is just a big textarea type thing. But what makes it secure? 'Multiple levels of AES256' is all well and good, but if the whole thing was breached with 1 single staffers password, that's just wild.

One key to rule them all.

 
Zeito said:
It talks about their 'Secure Notes' facility, which i'm guessing is just a big textarea type thing. But what makes it secure? 'Multiple levels of AES256' is all well and good, but if the whole thing was breached with 1 single staffers password, that's just wild.

One key to rule them all.
Click to expand...
We secure all of your data with multiple layers of 256 bit encryption! Well, apart from the parts we store as logs, they need to be seen by our staff for.. uh.. security purposes.

I seem to remember that the first rule of storing passwords is that you don't store them in plain text anywhere... and that generally means anywhere xD I guess they didn't get that memo.

 
CST Salty Vampire said:
It is? Eh still a helluva lot more secure than plaintext passwords xD
Click to expand...
443a93657b5e8bb17d6a9696b35267be.png


Yuuup xD

 
It's still ridiculous to hear these stories so regularly! It's like every few months, a massive company leaks a bunch of personal or secure data and then tries brushing it off like it's nothing? They need to fucking learn that this isn't just a few characters in their database, it's people's godamn livelihoods, livelyhoods, lovelyhoods...

 
John Pickle said:
It's still ridiculous to hear these stories so regularly! It's like every few months, a massive company leaks a bunch of personal or secure data and then tries brushing it off like it's nothing? They need to fucking learn that this isn't just a few characters in their database, it's people's godamn livelihoods, livelyhoods, lovelyhoods...
Click to expand...
To be honest, most of these database dumps are due to such basic mistakes that it literally should never happen. I honestly think that companies that store personal data should be liable to store it safely and have some legal consequences when they don't. That way I'm fairly certain they'd invest more money into their security and make sure that this kind of thing doesn't happen.

The only time that I'd excuse something like this happening is when the core database software has a vulnerability that can be exploited easily. Other than that, a minimum level of security should be legally required by all companies.

 
You must log in or register to reply here.
Back
Top