Why are plain text passwords bad, and how do I convince my boss that his treasured websites are in jeopardy?

慢半拍i 2020-11-27 15:53

I've always been of the impression that storing passwords in a database as plain text is (as someone else here put it) a Very Bad Thing™.

Historically, most of our

9 answers
  •  臣服心动
    2020-11-27 16:05

    Besides the security risks, I wonder what your clients would say if they found out every employee of your company has access to passwords. When it comes to possible leaks, the passwords are at risk if:

    • the database is backed up by an external company
    • the operating system that the db software is running on has any security risks
    • security flaws in any other hardware or software firewall
    • any users that have access to the db somehow get a virus that could exploit the data
    • the db happens to be on a computer or laptop that is stolen
    • a disgruntled employee is fired and decides to "get back"

    Every once in a while you'll hear of businesses that store sensitive information in plain text, and it never ends well. We're all human and prone to error; you can't assume perfection when it comes to security. You won't find any large, profitable company leaving room for any risk that can be avoided, since anything bad that can happen, will happen...
