PlainText Passwords at HMV

Today I received a mail from HMV telling me that my two-year-old points were going to expire, and that’s how I decided to log in on the website and spend them. Unfortunately I did not remember my password and clicked directly on the button “password reminder”. A few minutes later, I received an e-mail containing my old password in plain text.

Obviously HMV does not follow the security industry’s best practices, and that scared me. Recently, everybody has become aware of the multiple password leaks from big companies, and of how important it is to manage your passwords as well as possible (read my previous article on the subject, “password leaks and password managers”).

And this reminded me of several articles on the same problem, involving Tesco. Read the articles here, on The Register, or on Troy Hunt’s blog. As the article written by Jem explains, passwords are usually hashed (following the security industry’s best practices), a salt is added to the hash, and when you need to recover your password you receive a new one; at HMV it’s not the case!!

I use a different password for every website I use, but thousands of other people do not follow this difficult rule, or do not use any password management software.

Hashing plus a salt is a good solution, but not unbreakable: rainbow tables or dictionaries will still help crackers and “hackers” find your passwords. It is nevertheless a good start, and I hope my e-mail to HMV will resolve the problem, because I’m pretty sure that HMV stores its passwords in the same “secure” way Tesco did.
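To make the difference concrete, here is an added example (my own illustration, not code from HMV, Tesco or any of the linked articles) of the practice described above: each password is stored only as a random salt plus a slow salted hash, and the “forgot password” flow hands out a single-use reset token instead of the old password, which the site simply does not have. The in-memory dictionaries, the user names and the iteration count are constructed for the example.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional

# Constructed in-memory user store for this example (a real site uses a database).
# Each record holds only a random salt and the slow salted hash, never the password.
_USERS = {}
# Outstanding reset tokens, keyed by the SHA-256 of the token so that a leaked
# table cannot be used to reset accounts.  Value is the user name.
_RESET_TOKENS = {}

PBKDF2_ITERATIONS = 200_000  # assumed work factor; tune for your own hardware


def _hash_password(password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256: a deliberately slow, salted hash of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def store_password(username: str, password: str) -> dict:
    """Create or replace the user's record with a fresh 16-byte salt and its hash.

    Because the salt is random per user, two users with the same password get
    different hashes, so a precomputed table for one does not crack the other.
    """
    salt = os.urandom(16)
    record = {
        "salt": salt,
        "hash": _hash_password(password, salt, PBKDF2_ITERATIONS),
        "iterations": PBKDF2_ITERATIONS,
    }
    _USERS[username] = record
    return record


def verify_password(username: str, candidate: str) -> bool:
    """Re-hash the candidate with the stored salt and compare in constant time."""
    record = _USERS.get(username)
    if record is None:
        return False
    candidate_hash = _hash_password(candidate, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate_hash, record["hash"])


def issue_reset_token(username: str) -> Optional[str]:
    """Start the 'forgot password' flow: return a random single-use token to e-mail.

    The old password cannot be sent back because it was never stored.
    """
    if username not in _USERS:
        return None
    token = secrets.token_urlsafe(32)
    _RESET_TOKENS[hashlib.sha256(token.encode("utf-8")).digest()] = username
    return token


def reset_password(token: str, new_password: str) -> bool:
    """Consume the token and replace the stored hash; the old password stops working."""
    username = _RESET_TOKENS.pop(hashlib.sha256(token.encode("utf-8")).digest(), None)
    if username is None:
        return False
    store_password(username, new_password)
    return True


if __name__ == "__main__":
    store_password("alice", "correct horse battery staple")
    print(verify_password("alice", "correct horse battery staple"))  # True
    token = issue_reset_token("alice")
    print(reset_password(token, "a new password"))  # True
    print(verify_password("alice", "correct horse battery staple"))  # False
```

The point of the reset flow is that the only secret the site can e-mail is something it generated a moment ago and that expires on first use; there is no stored plaintext to remind anyone of, which is exactly the guarantee a “password reminder” e-mail shows is missing.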
