Obviously no company should be storing passwords in a way that the password can be determined from storage.

kag0 | 4 years ago
But the one (unlikely) case where these emails would be permissible is in first-time account creation, where the user didn't set their password when the account was created (maybe it was created by an admin). If a one-time (hopefully expiring) password is generated, stored securely, and simultaneously sent to the user then some of these are acceptable.

ThePowerOfFuet | 4 years ago
I think when this issue is discussed it’s too black and white, with no nuance given for support trade-offs. Yes, storing passwords in plain-text is less secure, but we make similar trade-offs all the time. LastPass’s enterprise offering gives your admins the ability to decrypt your password vault in the event you lose your password, effectively breaking E2E; iMessage backs up your messages to iCloud in plain-text; WhatsApp silently rotates keys; SMS recovery very often breaks 2FA; DNSimple will store your private certs if you ask. Security and usability are always a balance.

Spivak | 4 years ago
If you say that “basically everyone should never store plaintext passwords” then I will 100% agree with you, but there are cases where the trade-off in usability can be worth it for very non-technical users. We as technologists must every single day store sensitive data about or on behalf of our users in plain-text for them to actually be able to use our services. If you can do that then you can secure passwords as well.

sh-run | 4 years ago
> If you say that “basically everyone should never store plaintext passwords” then I will 100% agree with you but there are cases where the trade-off in usability can be worth it for very non-technical users.
IMO due to less technical users it's even more important that passwords aren't stored in plaintext. Less technical users are more likely to reuse passwords across multiple websites.
When a breach occurs unless passwords are salted and hashed the attackers immediately gain access to every account with the same username/email + password. This isn't as much of a problem for security conscious users, but if you're writing a piece of software it's important to remember that not all your users are security conscious. We can do better as an industry.
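As an added example (not code posted by any commenter), here is the flow kag0 describes combined with the salted hashing sh-run calls for: a random one-time initial password is generated, only its salted PBKDF2 hash and an expiry time are stored, and redemption is single-use, so a leaked store exposes neither the temporary password nor anything reusable on other sites. The work factor, TTL and in-memory dict are assumptions for illustration.

```python
import hashlib
import hmac
import os
import secrets

# Assumed work factor for PBKDF2-HMAC-SHA256; tune to your hardware.
HASH_ITERATIONS = 600_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash. The salt is random per record so identical
    passwords never produce identical hashes across users or sites."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, HASH_ITERATIONS)


class InitialPasswordStore:
    """Constructed example store for expiring, single-use initial passwords.
    Only (salt, hash, expires_at) is kept; the plaintext exists just long
    enough to be sent to the user."""

    def __init__(self, ttl_seconds: int = 3600):
        self.ttl = ttl_seconds
        self._records: dict[str, tuple[bytes, bytes, float]] = {}

    def issue(self, user_id: str, now: float) -> str:
        # Random one-time password; the return value is for delivery only.
        password = secrets.token_urlsafe(12)
        salt = os.urandom(16)
        self._records[user_id] = (salt, hash_password(password, salt), now + self.ttl)
        return password

    def redeem(self, user_id: str, candidate: str, now: float) -> bool:
        rec = self._records.get(user_id)
        if rec is None:
            return False
        salt, stored, expires_at = rec
        if now > expires_at:
            # Expired: discard the record; an admin must reissue.
            del self._records[user_id]
            return False
        # Constant-time comparison of the candidate's hash against the stored one.
        ok = hmac.compare_digest(hash_password(candidate, salt), stored)
        if ok:
            # Single use: the temporary credential is consumed on success.
            del self._records[user_id]
        return ok
```

A wrong guess leaves the record in place (subject to whatever rate limiting wraps this call), while expiry or a successful redemption removes it.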