This is just incredible; and it doesn’t come from some sort of deep research, white-hat hacking!
Hover.com – a former URL shortener service that became a domain registrar – openly admits to storing account passwords in unencrypted, plain text format!
Quoting from the Hover.com web site:
Password resets quickly became one of the top concerns people called us about. So, we changed the process. Rather than sending out instructions that would allow you securely reset your password, we would just send you your password.
[…] Most of the public discussion around this functionality focuses on whether or not storing passwords in plaintext is a security risk or not.
[…] We acknowledge that ours is not the most secure approach.
I don’t know about you, but some things aren’t meant to hover.
