

Bookmyshow.com Saves User Passwords in Plain Text - Archit
http://blog.archit.in/2012/07/bookmyshow-com-saves-user-passwords-in-plain-text/

======
timaelliott
They could have encrypted your password and decrypted it for that email. Still
poor practices but there's nothing here to indicate what your title states.

The bottom of your article also suggests people use MD5 and salts, so clearly
you aren't in a position to be criticizing anyone's password policy :)

~~~
benjaminsull
The privacy policy states the password is sent by one way encryption. That
suggests it shouldnt be (easily) decryptable.

Regarding MD5/salts, the author says "for starters" and "at least" and directs
the suggestion specifically to the owners of the website. To say he is
"suggesting people use MD5 and salts" isnt very accurate.

