A website storing a password in plain text means that your password is there, waiting for someone to come and take it. It doesn’t even matter if you’ve created the strongest possible password. It’s just there.
We’re tired of websites abusing our trust and storing our passwords in plain text, exposing us to danger. Here we put websites we believe to be practicing this to shame.
Found a text offender? Anonymously submit it to us and put it to shame!
Are you a developer? You can read a technical introduction to what you can do and then read about the two algorithms you should choose from. An alternative to all the hard work would be to completely delegate authentication using standard secure protocols like OpenID Connect (with implementations by many big names) and just get rid of the whole headache entirely.
Just want to help? Find a site you know and contact them with the post. We’re always looking to add sites to the list of reformed offenders!
Photo by Michael Reidel cc-by
This work is licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License.