
Question

There is a website I use at work, external to our own. They have just presented every employee with their plain-text password and username via our internal website, which requires our own logins.

I was wondering if it should be viable for a professional company (either the external website company or my internal one) to store plain-text passwords. And if so, are they prosecutable under any law regarding how they store passwords?

Sorry, I am very unaware of the way passwords should be handled and the law regarding them. Thanks in advance.

Explanation / Answer

There's no law regarding passwords. The only law that exists applies to personal details, but a password is not a personal detail. Since the password is often selected by the end user, under EU law this will count as consent too, so even if someone were to enter personal details as their password, it would count as consent.

Depending on what the password protects, there might be security standards that laws will recognize; for example, credit card details are protected under PCI DSS, health information is protected under HIPAA, and so on. There are also EU laws mandating how personal details should be protected. Those might mandate that passwords should not be stored in any recoverable form.

However, it's a bad practice to display passwords like this. That said, depending on what the password protects, it might not matter anyway. One example is that all passwords are visible to an administrator, so an administrator can log in as any user. This might be a way to work around systems that do not have "takeover" capabilities where an admin can log in "as" any user.

Another way can be that the service protected by the password is also protected by other means, like a firewall requiring a VPN dial-in before allowing access to the protected service. The password protection on this service is then not compatible with single-sign-on solutions or similar, which is why the company behind it simply shows the password used to log in to this protected service: even if the password does leak out, it's useless to an attacker who does not possess the other means required to reach the protected service (like the VPN dial-in details, certificates and any OTP tokens).
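As an added illustration of what "not stored in any recoverable form" means in practice (this is example code written for this page, not code from the question, the answer, or either company's system): a salted, slow one-way hash lets the site check a login without keeping anything it could later display to an employee or an administrator. The PBKDF2 work factor, the record format and the sample user "alice" are assumptions made for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Work factor for PBKDF2-HMAC-SHA256. Assumed value for this example; tune it so
# one verification takes on the order of 100 ms on the server doing the checks.
ITERATIONS = 600_000
SALT_BYTES = 16
KEY_BYTES = 32


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Derive a one-way, salted verifier for `password`.

    The returned record has the (example) form
        pbkdf2_sha256$<iterations>$<salt_hex>$<hash_hex>
    and contains nothing from which the password can be read back.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per user and per change
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations, dklen=KEY_BYTES)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Check a login attempt against a stored record; nothing is ever decrypted."""
    try:
        scheme, iters, salt_hex, hash_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        iterations = int(iters)
    except ValueError:
        return False  # malformed record: treat as no match rather than crash
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    salt, iterations, dklen=len(expected))
    # Constant-time comparison so timing does not reveal how many bytes matched.
    return hmac.compare_digest(candidate, expected)


def record_leaks_password(record: str, password: str) -> bool:
    """True if a stored record still contains the password verbatim (or hex-encoded)."""
    return password in record or password.encode("utf-8").hex() in record


# Constructed sample store. The plaintext column is what the question describes;
# the hashed column is the non-recoverable form the answer refers to.
PLAINTEXT_STORE = {"alice": "correct horse battery staple"}
HASHED_STORE = {user: hash_password(pw) for user, pw in PLAINTEXT_STORE.items()}


if __name__ == "__main__":
    rec = HASHED_STORE["alice"]
    print("stored record:", rec)
    print("login ok:   ", verify_password("correct horse battery staple", rec))
    print("wrong case: ", verify_password("Correct horse battery staple", rec))
    print("plaintext recoverable from record:",
          record_leaks_password(rec, "correct horse battery staple"))
```

With a store like `HASHED_STORE`, an administrator who can read the table (or a page that renders it) sees only salts and digests, so the situation in the question, every employee being shown their own password, cannot arise from the stored data alone. Changing a password produces a new salt and a new record, and a wrong password or a damaged record is simply rejected.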
