Jeff Atwood recently wrote a post to warn his coding brethren that they’re probably doing really bad things with users’ passwords. Reading the comment thread for that blog post convinced me that he’s 100% correct: they are. One commentator, Mats Helander, wrote a very good post about why storing passwords in plaintext ought to be illegal, from which I’m stealing this quote:
In my opinion, this is one of the very rare cases where I think the law should get involved, protecting the developer from having to compromise my security in order to keep his job. The developer should be able to say “No boss, that would be against the law”.
Why should it be illegal?
Because of the simple fact that users reuse their passwords between systems. And that, in combination with an increasingly online life, means that online impersonation is going to become a very serious concern.
… which is one of the points I was arguing in this thread.
If you are assigning an authentication pair (i.e., username/password) to a user, you have an obligation to protect that digital identity, both in your own database *and* in transit.