1
Many sites claim they aren’t capable of viewing subscribers’ passwords. How does this work? Is it mandatory for websites which allow users to log in? Are there any protocols or laws which oblige them to store passwords in such a manner?
Also, how is this possible? Do they store the users’ passwords on their servers in an encrypted format?
Laws depend on country, I know the US does not have a law. – Scott Chamberlain – 2014-05-26T16:00:57.193
I see. Does that mean I shouldn't believe their claims that they weren't all capable of viewing the passwords, right? – Selin Peck – 2014-05-26T16:15:46.577
There's a site to post bad examples of what you describe: http://plaintextoffenders.com/ – TheUser1024 – 2014-05-26T18:00:43.513
You might be interested to read my series of articles that describes the failings of a number of password systems, and arrives at a solution where the site does not need to ever know the original password. See http://blogs.msdn.com/b/ericlippert/archive/tags/salt/ – Eric Lippert – 2014-05-26T19:47:46.813