When is it a good idea to store passwords in clear text?

Question

I am working on an application that is targetted at non technical users. I expect a large number of support calls regarding lost passwords and inability to login.

I am u

Answer 1

For any reliable information on legal reasons, consult a lawyer. In the US, you should be able to get a referral from your local bar association. I am not a lawyer and this is not legal advice.

That said, if you ever have a data breach you might be liable for anything that happens on your site, including the possibility of being responsible for anything financial or libellious. If the user uses a password on multiple sites, you might possibly be liable for other activity on other sites. In the US, you can get sued for pretty much anything, and it's not clear to me that you'd win such a suit.

So, the legal liabilities are potentially large. Consult a lawyer before saving cleartext passwords.