

Warning: NIC.IO stores passwords in plaintext. - andyhmltn
http://andy.fine.io/2013/05/07/a-note-about-registering-io-domains.html?hn

======
philtar
Marcaria.com stores them in plaintext, too.

I told them about it multiple times.

"We'll have our engineers look into it" \-- Two Days Later -- "This ticket has
been closed."

~~~
andyhmltn
Yup. That's usually the way. These guys kept assuring me my password was
'extremely safe, secure and backed up by industry standard.' Then I pointed
out what the industry standard actually was and they've since stopped
replying.

------
astrodust
Is there a service where, given a domain name, you can get an assessment of
previous security problems, or potential ones?

Many cities have restaurant inspections, so why not this?

~~~
pixelcort
Or even better, a PBKDF2/bcrypt/scrypt certification.

Something like "Site X has been verified to to be using per-user salts using
scrypt at 200ms and 1MB memory."

------
coin
Storing in plaintext != recoverable password (not hashed)

