I suggest you ...

Don't Store Customer Passwords in Plaintext

I just received the signup email for the Write Beta account and you have sent me my password. It means you are storing passwords in plaintext. Seriously?

Please respect customers' data and add some sort of security for storing user passwords.

4 votes
Anonymous shared this idea
declined  ·  Admin Happy Hamster (CEO, Write!) responded

We do not store passwords in plaintext! We accept 6 to 30 symbol passwords, which are hashed using SHA-512 with a 24-byte salt randomly generated for each user.

The welcome email is in fact sent before we put data into the database, which is not good (whoever has access to your email could have access to your Write! account), and we will remove the password from the welcome email shortly (I expect within 24 hours).

We are aware it’s 2015 outside and we do take data security seriously.
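
The storage scheme the response above describes, written out as an added example (not Write!'s code, which the page does not show). How the salt and password are combined, the single SHA-512 pass, the PBKDF2 variant with its iteration count, and all function names are assumptions; the PBKDF2 path goes beyond what the response states.

```python
import hashlib
import hmac
import secrets

SALT_BYTES = 24            # salt length stated in the response
MIN_LEN, MAX_LEN = 6, 30   # accepted password length stated in the response
PBKDF2_ROUNDS = 210_000    # assumed work factor, not from the page


def _digest(password: str, salt: bytes, stretched: bool) -> bytes:
    pw = password.encode("utf-8")
    if stretched:
        # Same hash and salt, iterated so every guess costs more to compute.
        return hashlib.pbkdf2_hmac("sha512", pw, salt, PBKDF2_ROUNDS)
    # Assumed reading of the response: one SHA-512 pass over salt || password.
    return hashlib.sha512(salt + pw).digest()


def new_record(password: str, stretched: bool = True) -> dict:
    """Build the row that is stored; the plaintext is not part of it."""
    if not MIN_LEN <= len(password) <= MAX_LEN:
        raise ValueError("password must be 6 to 30 characters")
    salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt for each user
    return {"salt": salt, "stretched": stretched,
            "digest": _digest(password, salt, stretched)}


def verify(password: str, record: dict) -> bool:
    candidate = _digest(password, record["salt"], record["stretched"])
    # Constant-time comparison, so timing does not reveal matching prefixes.
    return hmac.compare_digest(candidate, record["digest"])


def register(username: str, password: str, stretched: bool = True):
    """Return (db_record, welcome_email); the password appears in neither."""
    record = new_record(password, stretched)
    email = f"Welcome to Write!, {username}. Your account is ready."
    return record, email


if __name__ == "__main__":
    rec, mail = register("alice", "correct horse")  # constructed sample input
    print(mail)
    print("salt bytes:", len(rec["salt"]), "digest bytes:", len(rec["digest"]))
    print("login ok:", verify("correct horse", rec))
```
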

1 comment

  • Anonymous commented

    Got this as well. If you want us to pay please change this....

    This is a huge security flaw. Famous case with Tesco.
