
Gawker Considered Stupid – Criminally Stupid - nice1
http://marknelson.us/2011/02/06/gawker-considered-stupid-criminally-stupid/
======
makecheck
Now if we can just find a cure for websites that _require_ passwords to be
inherently insecure (e.g. "8 character limit", "can't use most special
symbols", or almost any kind of "security questions").

------
winestock
"That’s why we need to make the storage of encrypted passwords illegal."

Mint.com seems to require storage of plaintext passwords in order to access
the financial accounts of its users. How could they get around this?

~~~
veb
Explain further?

~~~
winestock
Mint.com consolidates one's financial accounts and information from several
websites. These websites, of course, belong to banks and other financial
institutions. Naturally, Mint.com needs the login credentials for those sites.
Therefore, a hashed & salted password is useless; Mint needs to store the
username & password in plaintext.

Here's some more information:
[http://fourthcheckraise.blogspot.com/2011/01/might-cost-you-...](http://fourthcheckraise.blogspot.com/2011/01/might-cost-you-mint.html)

