Forgot your password?
typodupeerror
Australia Security IT

Australian Tax Office Stores Passwords In Clear Text 84

Posted by Soulskill
from the you're-doing-it-wrong dept.
mask.of.sanity writes "The passwords of thousands of Australian businesses are being stored in clear readable text by the country's tax office. Storing passwords in readable text is a bad idea for a lot of reasons: they could be read by staff with ill intent, or, in the event of a data breach, could be tested against other web service accounts to further compromise users. In the case of the tax office, the clear text passwords accessed a subsection of the site. But many users would have reused them to access the main tax submission services. If attackers gained access to those areas, they would have access to the personal, financial and taxpayer information of almost every working Australian. Admins should use a strong hash like bcrypt to minimize or prevent password exposure. Users should never reuse passwords for important accounts."
This discussion has been archived. No new comments can be posted.

Australian Tax Office Stores Passwords In Clear Text

Comments Filter:
  • by blueg3 (192743) on Thursday February 28, 2013 @12:03PM (#43035153)

    But we need to go further than that. When forms are submitted, browsers should not allow "hidden" fields to be transmitted directly, and instead should have a default action of encrypting them with Bcrypt [wikipedia.org] or SHA-256. [wikipedia.org] When building a website, many people will use defaults and follow the easiest path. The default should be transmission of encrypted passwords, not plaintext.

    This is why security is often so terrible: people don't know what they're talking about when it comes to security, but they throw some encryption (or in this case, hashing) at the problem and hope it solves it, like pixie dust.

    Hashing isn't encryption; encryption is reversible, while hashing isn't. There's already a system for encrypting transmissions between a browser and a Web server.

    If you hash the password before transmitting it, then the hash is simply the password. Sure, it doesn't look like "password" or "123456", but it retains all of the security problems that a plaintext password does. It provides absolutely no security benefits, but it looks better (if you don't look too hard) because you've applied some crypto, somewhere!

"From there to here, from here to there, funny things are everywhere." -- Dr. Seuss

Working...