AutoCrit is Storing Your Password in Plaintext


The book editing service AutoCrit.com is storing its users' passwords in plaintext.

When you ask to 'reset' your password, they send you your actual password in plaintext:

[Image: AutoCrit plaintext password email]

Why is this bad?

A website storing a password in plain text means that your password is there, waiting for someone to come and take it. It doesn’t even matter if you’ve created the strongest possible password. It’s just there.

Someone could hack into their servers, exploit a simple flaw in their site, or even steal their backups, and your password would be exposed as-is. Over 30% of sites store plain text passwords.
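For developers, this is what the alternative to plaintext storage and emailed passwords can look like. It is an added example, not code from AutoCrit or from the original post: the server keeps only a salted scrypt hash, and a reset emails a single-use, expiring token instead of the password. The in-memory `users` and `resets` stores, the function names and the scrypt parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)  # assumed cost parameters
TOKEN_TTL = 15 * 60                         # reset link lifetime in seconds (assumed)

users = {}   # email -> {"salt": bytes, "hash": bytes}; the password itself is never kept
resets = {}  # sha256(token) -> (email, expiry); the raw token is never kept either

def _derive(password, salt):
    return hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)

def set_password(email, password):
    salt = secrets.token_bytes(16)          # fresh random salt per password
    users[email] = {"salt": salt, "hash": _derive(password, salt)}

def verify_password(email, password):
    rec = users.get(email)
    if rec is None:
        return False
    # Constant-time comparison of the stored hash with the recomputed one.
    return hmac.compare_digest(rec["hash"], _derive(password, rec["salt"]))

def start_reset(email, now=None):
    """Return the token to put in the reset email, or None for unknown accounts.
    The caller should show the same message either way."""
    if email not in users:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    resets[digest] = (email, now + TOKEN_TTL)
    return token

def finish_reset(token, new_password, now=None):
    """Consume the token (single use) and store the hash of the new password."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = resets.pop(digest, None)
    if entry is None:
        return False
    email, expiry = entry
    if now > expiry:
        return False
    set_password(email, new_password)
    return True
```

With this design the site cannot email you your password, because it does not have it; a stolen database or backup yields salted hashes and hashed, short-lived tokens.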

I notified them of this urgent issue on the 10th August and they brushed off my concerns, just resetting my password and sending it to me again:

[Image: Initial email]

I also sent a tweet out to get the warning out there and make sure this gets fixed as soon as possible:

Please share this so that AutoCrit sort out their security procedure! We need to name and shame websites into taking their users' security seriously.

For further information: http://plaintextoffenders.com/faq/devs


Posted on: 2nd September, 2018

