Hello – It’s been happening for a while, but it’s really (really) time to end storing clear text passwords in the database.  It’s *LONG* past time to send them in email to your users.

 

If you’d like proof, go to

 

http://plaintextoffenders.com/submit

And

http://krebsonsecurity.com/2012/06/naming-and-shaming-the-plaintext-offenders/

 

Of all places, Fedora and Red Hat should be leading this charge.

 

Thanks for listening,

 

Perry Engle

Lead Cyber Security Engineer, Section Leader

The MITRE Corporation, Department G026

(o) 781-271-2349 (m) 617-893-0058