
Programmers take the easy way out and not implement proper password security - Balgair
https://www.zdnet.com/article/study-shows-programmers-will-take-the-easy-way-out-and-not-implement-proper-password-security/
======
jimrhods23
They found all of their developers on Freelancer.com. I've used this platform
a few times and the majority of developers here are not very good and cheap.

It's no wonder the majority had no idea about password security.

Good developers are hard to come by. Many companies don't realize this and
just want to hire the cheapest they can find.

------
ecpottinger
Also consider the amounts paid. Programmer time does cost, so not only did
they get bad programmers, good programmers don't work that cheap.

But they were not paying for the time that even a bad-medium programmer would need
to do testing/research to improve their programs.

Just for my own personal stuff I will spend weeks getting it right, profiling
the code, checking behavior for a range of unlikely inputs, and doing web searches
to see how others did the same type of program and if they have better ideas
than me.

For a 100-200 Euro payment I don't see how you could make money if you did all
that. You get what you pay for.

PS. Plain text and Base64! I did not know they were that bad, I learnt not to
do that years ago as a teenager running a BBS on a C64.

------
rmbryan
Considering their methodology of selecting for the lowest performing engineers
and specifically NOT asking half of them to secure the passwords, I'm
encouraged that their numbers were as good as they were.

------
x0hm
The headline could have stopped at "Programmers take the easy way out"

