I've just received an email from OK Furniture informing me that there is a new website. It also includes my password in plain text. Passwords should never, ever be stored in plain text. They should be stored hashed and salted. It is also a fallacy to believe that encrypting passwords is secure - if the database is accessed, the source code that encrypts and decrypts the data is also likely accessible, which means that the encryption is useless. I will be taking this further, as the OK Furniture website has no privacy policy, and is in breach of several laws covered by the ECT Act, number 25 of 2002, as well as the Consumer Protection Act, number 68 of 2008.