Hashing is considered to be an essential part of securely storing passwords. Remember the old days, when password recovery resulted in your password being mailed back to your email address? There was a reason why it was replaced by password resetting - because companies didn’t want hackers to find out their customers’ passwords in case their databases were breached.
Yatra.com is a Web18 venture and one of India’s most popular travel sites. Now, I like Web18 websites, mainly because they conform to the latest web design trends, but seeing that the password recovery feature mailed back my original password in plain text makes me wonder whether they have a very loose back-end. One breach, and hundreds of thousands of passwords are instantly exposed. What makes it worse is that most people use the same password across multiple websites.
Try out the recovery feature and see for yourself. I suspect Yatra has a very, very weak back-end. That’s the last I’ll be using them for a while.