I would like to know why it is a bad idea to store passwords in "plain text" in a database. Could you give me some articles about it?
-5
- Would you like some developer to just do `select * from users` and read your email account's password? – karthikr Oct 21 '13 at 16:09
- Because if someone steals your data they have immediate access to all of your accounts. If you hash your passwords and store the hashes, the thief will have to crack each hash before they can access that account. Don't store passwords in plain text. – Troy Carlson Oct 21 '13 at 16:11
1 Answer
0
Based on my experience as an application security analyst for banking applications, it is not recommended to store passwords, dollar amounts, account numbers etc. in plain text. Sensitive data should be properly encrypted before saving it in the database. You can refer to the OWASP Top 10 guidelines.

Bulusu Pavan
- This doesn't answer the question - OP already knows it is a bad idea, he is asking WHY it is a bad idea. Also, passwords should be hashed, not encrypted. – 1615903 Oct 22 '13 at 05:21