Tsohost.com stores passwords in cleartext

Okay, it is 2015, we all know that it is a horrendously bad idea to store passwords in cleartext.

Yet, when I log in to Tsohost’s interface I am greeted with this:

[Screenshot: screenie_1449171843_157324.png]

Ugh! So either they store one version of the password in cleartext, and show that to the user, or they store the current version of the password.

Fortunately, it is really easy to switch to a new safer password scheme when you are already storing passwords in cleartext.

To recap Jeff Atwood’s post on the subject:

Use bcrypt to store passwords.

And if you want to do it really well, you should probably consider using scrypt instead.

But anything is better than storing passwords in cleartext!

 