I registered on the TLA site a long time ago. Since I started this blog I have carried their ads here, but only until now.
I really want to know that I am the only person who knows my password, but unfortunately that is not the case, at least at TLA. Recently I wanted to log in to my account at text-link-ads.com, but I had forgotten my password, so I requested a new one with the “Forgot password” feature on their site. I was really surprised that, instead of a temporary string for a new password or an activation link that would give me access to change my password, I received my password as plain text in my e-mail.
Let me explain what can be done when passwords are kept as plain text.
First – most people use the same password everywhere, and most likely the password for the service is the same as the one for the registration e-mail.
Second – many people, including myself, keep important information in their mailboxes, such as domain and hosting details and passwords, and worst of all, credit card info, bank info, etc.
Third – with access to this data, anyone can misuse the information.
Draw your own conclusions about your security with such a service.
As a developer working mainly with web applications, I never keep my passwords in plain format, NEVER. I always put at least an MD5 hash on top, or use crypt with a salt.
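The reset flow described above, sketched as an added example (not code from this blog or from TLA): the password is stored only as a salted PBKDF2 hash, used here in place of a bare MD5 hash, so there is nothing to e-mail back, and “Forgot password” issues a single-use, expiring token instead. The in-memory `users` and `resets` stores, the function names, the round count and the 15-minute lifetime are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ROUNDS = 600_000   # assumed work factor for this example
RESET_TTL = 15 * 60       # assumed token lifetime, in seconds

users = {}    # email -> {"salt": bytes, "pw": bytes}; stands in for a users table
resets = {}   # sha256(token) -> (email, expires_at); the raw token is never stored

def _derive(password, salt):
    # Slow, salted key derivation: the stored value cannot be turned back into the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def set_password(email, password):
    salt = secrets.token_bytes(16)          # fresh random salt per password
    users[email] = {"salt": salt, "pw": _derive(password, salt)}

def check_password(email, password):
    rec = users.get(email)
    if rec is None:
        return False
    # Constant-time comparison of the derived values.
    return hmac.compare_digest(rec["pw"], _derive(password, rec["salt"]))

def request_reset(email, now=None):
    """Return the one-time token to put in the reset mail, or None for an unknown account."""
    if email not in users:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    # Keep only a hash of the token, so a leaked table cannot be replayed as reset links.
    resets[hashlib.sha256(token.encode()).digest()] = (email, now + RESET_TTL)
    return token

def complete_reset(token, new_password, now=None):
    now = time.time() if now is None else now
    # pop() makes the token single use, whether or not it is still valid.
    entry = resets.pop(hashlib.sha256(token.encode()).digest(), None)
    if entry is None or now > entry[1]:
        return False
    set_password(entry[0], new_password)
    return True
```

The reset mail carries only the token, which is useless after one use or after it expires, so a copy of the message sitting in a mailbox reveals no password.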
When I see such “functionality” I just cancel my membership of such sites/services, or at least I change my personal details and just stop using them.
I would really like to know what you think about security, both in your own projects and on such sites.
By the way, the site text-link-ads.com does not appear in the Google search results (at least not on the first page). I searched even for “text-link-ads”, TLA and “Text Link Ads”, which is the full domain name, and I can find the site on the 5th page. I heard about the “war” between Google and TLA over the nofollow attribute, but I didn’t know that Google would do such a thing. Anyway, this is just an observation.