An Interest In:
Web News this Week
- March 22, 2024
- March 21, 2024
- March 20, 2024
- March 19, 2024
- March 18, 2024
- March 17, 2024
- March 16, 2024
April 7, 2018 12:03 am
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/SGgwaB0hFGs/t-mobile-stores-part-of-customers-passwords-in-plaintext-says-it-has-amazingly-good-securi
T-Mobile Stores Part of Customers' Passwords In Plaintext, Says It Has 'Amazingly Good' Security
T-Mobile Austria admitted on Twitter that it stores at least part of their customer's passwords in plaintext. What this means is that "if anyone breaches T-Mobile (it's only a matter of time), they could likely guess or brute-force every user's password," reports Motherboard. "If the passwords were fully encrypted or hashed, it wouldn't be that easy. But having a portion of the credential in plaintext reduces the difficulty of decoding the hashed part and obtaining the whole password." From the report: "Based on what we know about how people choose their passwords," Per Thorsheim, the founder of the first-ever conference dedicated to passwords, told me via Twitter direct message, "knowing the first 4 characters of your password can make it DEAD EASY for an attacker to figure out the rest." T-Mobile doesn't see that as a problem because it has "amazingly good security." On Thursday, a T-Mobile Austria customer support employee made that stunning revelation in an incredibly nonchalant tweet. Twitter user Claudia Pellegrino was quick to point out that storing passwords in plaintext is wrong, but another T-Mobile customer rep didn't see it that way. "I really do not get why this is a problem. You have so many passwords for every app, for every mail-account and so on. We secure all data very carefully, so there is not a thing to fear," the rep wrote back.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/SGgwaB0hFGs/t-mobile-stores-part-of-customers-passwords-in-plaintext-says-it-has-amazingly-good-securi
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot