Not So Stupid Questions 2 - Showing Password to users is incorrect

We have seen many websites have a Reset Password for a username.

Two Scenarios:

One: Password is sent as a plain text.

Note: Don't Send Passwords in the plain text.

Example: Here, Warholstore.com displays password in the email.
Issue: Dont neglect this security issue ! You might be noticing your own website one day in the www.plaintextoffenders.com 

Two:  Reset link will be sent to the websites 

When a Reset Link is clicked - It redirect to reset password page.

Example: Here is the Yahoo - Reset Password page

It shows "Show Password" - Check box - Selected by default.

Now, Un-check the check box selected and Type the Password in the text box area.

Bug: We don't expect to see the password shown while typing, but it displays the password.



PS: Please let me know, if any questions.


This entry was posted in . Bookmark the permalink.

Leave a Reply