It’s insecure to store passwords unencrypted, let alone email them.
Moniker and SnapNames, both former companies of Oversee, don’t seem to get a break these days.
After a recent security alert that led to the forceful resetting of every Moniker account password, the focus is now SnapNames, also owned by Luxemburg based KeyDrive.
Apparently, when one forgets their password, they can request it via email.
Email is an open, insecure protocol and all text travels unencrypted from the SnapNames servers to its destination.
Furthermore, because the exact password is being sent, that means – very simply – that it’s being stored on the SnapNames servers as is.
Now, that’s a scary practice that defies all modern logic regarding password security. Account passwords should be reset, never stored and emailed.
The implementation of ‘salting’ hashed passwords should be a priority at SnapNames. Until that change is implemented, make sure you have control of your email address for that account, and never use the same password across various services.
This post is 100% true!
