
  1. Post
    #1
    Why does playtech store their passwords as plain text?

    Clicked forgot my password expecting a password reset link, they just emailed me my password in plain text. Which means they are storing them in the database in plain text - or use a reversible hashing algorithm which is equally as insecure.

    I thought any decent company would have better security than this... :mad:

    Glad they use DPS for credit card payments otherwise i'd never put my card details into their site.

    /rant

  2. Post
    #2
    I assume the first thing you did was email them though right?

  3. Post
    #3
    Because often business systems are born out of necessity without much foresight and planning and potentially written by someone with no clue.

    You would be genuinely surprised what kind of shit gets stored in plaintext.

  4. Post
    #4
    Yeah I know plenty of places operate with bad practices but it's been a good while since I've encountered this with any site dealing with purchases which is why it surprised me. I must admit I've seen it around a bit but this was unexpected.

    Especially with the amount of sites getting hacked and their databases being dumped over the past few years.

    I'll email them and query the issue. Was planning on doing this once I get home.

  5. Post
    #5
    have my password stored in lastpass with random characters/symbols etc for every website incl playtech

  6. Post
    #6
    technoguy wrote:
    have my password stored in lastpass with random characters/symbols etc for every website incl playtech
    cool, that doesn't help you at all if playtech database gets compromised lol.. which is the whole point of this topic

  7. Post
    #7
    Abo wrote:
    cool, that doesn't help you at all if playtech database gets compromised lol.. which is the whole point of this topic
    Sure it does as the password is unique.

  8. Post
    #8
    that's a cool app, gotta try it out when I get home

  9. Post
    #9
    eXDee wrote:
    I thought any decent company
    Found the problem.

  10. Post
    #10
    Abo wrote:
    cool, that doesn't help you at all if playtech database gets compromised lol.. which is the whole point of this topic
    I suggest you start using the service...it's free...unless you want access on your mobile device/s...then it's $12/year

    www.lastpass.com

  11. Post
    #11
    Speaking of passwords, TechPowerUps forum was hacked which had salted passwords but of course are getting decrypted.

  12. Post
    #12
    yea last pass is nice, but i prefer my brain for storage

  13. Post
    #13
    As was LinkedIn.

  14. Post
    #14
    Abo wrote:
    yea last pass is nice, but i prefer my brain for storage
    how many unique passwords do you have for websites and services?

  15. Post
    #15
    quite a few, easily 20 + off the top of my head

    If I type the password in multiple times i am able to remember it just by visiting the website, or attempting to access the service, obviously this is not the case for everyone.

  16. Post
    #16
    bzE wrote:
    Speaking of passwords, TechPowerUps forum was hacked which had salted passwords but of course are getting decrypted.
    Yeah, websites need to be using SHA256+ or ideally something like Bcrypt.

    Abo wrote:
    cool, that doesn't help you at all if playtech database gets compromised lol.. which is the whole point of this topic
    Yeah frustrating when best practice security is taken out of your hands.

  17. Post
    #17
    People have to get out of the habit of using one password for all their sites they use, especially their email accounts.

  18. Post
    #18
    Going with prebuilt CMS/E-Commerce systems are good at least from the point of view that these basics are covered. I do admit they are more tricky to modify in some cases.

  19. Post
    #19
    eXDee wrote:
    Why does playtech store their passwords as plain text?

    Clicked forgot my password expecting a password reset link, they just emailed me my password in plain text. Which means they are storing them in the database in plain text - or use a reversible hashing algorithm which is equally as insecure.

    I thought any decent company would have better security than this... :mad:

    Glad they use DPS for credit card payments otherwise i'd never put my card details into their site.

    /rant
    i wondered that today too! the exact same thing happened to me. i was more like, why are they sending me my password rather than a reset password link, but hey.

    i would have never guessed my password though. what was i thinking when i set it?

  20. Post
    #20
    Abo wrote:
    quite a few, easily 20 + off the top of my head

    If I type the password in multiple times i am able to remember it just by visiting the website, or attempting to access the service, obviously this is not the case for everyone.
    i'm like that kind of, except i can't say out loud the password, but i can type it the problem comes when i don't type a password in enough times.

    i hate it when random things want you to have complicated passwords.

  21. Post
    #21
    CLounge wrote:
    People have to get out of the habit of using one password for all their sites they use, especially their email accounts.
    It's hard to remember ALL our passwords these days....especially with complex requirements of capitals, numbers, etc etc.....there are only so many porn star names I could think of!

  22. Post
    #22
    Hi guys,

    Playtech doesn't store the password as plain text. Everything is SHA-256 encrypted.

    Don't think ask me how do I know this since our company developed it on Magento - the best eCommerce platform on earth.
    Last edited by magebinary; 24th March 2019 at 10:42 pm.

  23. Post
    #23
    magebinary wrote:
    Hi guys,

    Playtech doesn't store the password as plain text. Everything is SHA1 encrypted.

    Don't think me how do I know this since our company developed it on Magento - the best eCommerce platform on earth.
    You did a terrible job, your code is shoddy, your design is crap, and why have you only used SHA1? Is this 2016?

  24. Post
    #24
    Privoxy wrote:
    You did a terrible job, your code is shoddy, your design is crap, and why have you only used SHA1? Is this 2016?
    Haha thanks. What is your screen resolution? SHA-256 / AES-256 is unbreakable unless you have quantum computer to “brute force” it.
    Last edited by magebinary; 24th March 2019 at 10:42 pm.

  25. Post
    #25
    magebinary wrote:
    Haha thanks. What is your screen resolution? SHA1 + SALT is unbreakable unless you have quantum computer to “brute force” it.
    That was true in 2005. Not so much these days, and Google released a collision method in 2017. I was using SHA-256 but just switched to Argon2. May as well do it now then get caught out in a decade when technology is beyond our wildest dreams of today.
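
Added example, not part of any post in this thread and not Playtech's or Magento's code: a sketch of the two things the thread is asking for, a salted memory-hard password hash (scrypt from the Python standard library, standing in for the Bcrypt/Argon2 mentioned above) and a "forgot password" flow that emails a single-use reset token because the server has no password to send. The function names, in-memory dicts, scrypt parameters and 15 minute expiry are all assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Assumed cost parameters for illustration; tune to your own hardware.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)
RESET_TTL = 15 * 60  # assumed policy: reset links expire after 15 minutes

users = {}   # username -> (salt, scrypt digest); the password itself is never kept
resets = {}  # sha256(token) -> (username, expiry time)


def _derive(password, salt):
    return hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)


def set_password(user, password):
    salt = secrets.token_bytes(16)  # fresh random salt per user
    users[user] = (salt, _derive(password, salt))


def verify(user, password):
    if user not in users:
        return False
    salt, stored = users[user]
    return hmac.compare_digest(stored, _derive(password, salt))


def request_reset(user, now=None):
    """Return the token that would be emailed inside the reset link."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    # Only a hash of the token is stored, so a database dump cannot be replayed
    # as reset links. Plain SHA-256 is fine here: the token is 256 random bits.
    if user in users:  # unknown users get the same response but no record
        resets[hashlib.sha256(token.encode()).hexdigest()] = (user, now + RESET_TTL)
    return token


def complete_reset(token, new_password, now=None):
    now = time.time() if now is None else now
    entry = resets.pop(hashlib.sha256(token.encode()).hexdigest(), None)  # single use
    if entry is None or now > entry[1]:
        return False
    set_password(entry[0], new_password)
    return True
```

A site built this way cannot email a user their existing password, which is why receiving one by email is a reliable sign of plaintext or reversible storage.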