Enabling Secure Business Operations

Not All Web Sites Are Created Equal

Jeff over at Coding Horror lashed out at the MENSA web site today, after discovering that it stores passwords in a recoverable format: the site can e-mail a forgotten password back to you. The main point is that if the application can retrieve a password and send it back to the user, the password must be held either in plain text or reversibly encrypted with a key the application itself has, so anyone who gains read access to that storage (through SQL injection, a stolen backup, or an insider) can obtain a list of all (or some) of the passwords in the system. A salted hash, by contrast, lets the site check a password without ever being able to produce it.

One primary reason this is seen as a bad thing is that many users use the same password for all of their accounts, so if the password is compromised in one place it is compromised everywhere. Apparently, according to this argument, every web site should have bulletproof security regardless of what the site does, in order to protect its users' other accounts on other web sites. While this is a noble sentiment, and it would be great if it happened, it's a silly argument.

Security costs money, in terms of development, support, maintenance, training, and so on. Therefore, security is built into an application only as far as is reasonable for what the application does. If I'm designing a web site that lets you register your e-mail address, and all my web site does is associate that e-mail address with your home address so you can order a pizza online (let's forgo the concept of credit cards for the moment and assume this is all handled with cash), why in the world should I need to have my site armed to the teeth with SSL, salted password hashes, password complexity requirements, and password expiration periods?
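To make the contrast in the earlier paragraphs concrete, here are the two storage designs side by side: a store that keeps passwords recoverable (which is what a "we'll e-mail you your password" feature requires) and a store that keeps only a salted PBKDF2 hash. This is an added example and is not code from the original post or from the MENSA site; the class names, the iteration count, and the sample users are all constructed for the demonstration. The `reuse_exposure` function shows the cross-site risk the argument turns on: a plaintext dump from the pizza site doubles as a ready-made credential list against the bank.

```python
import hashlib
import hmac
import os

# Added example, not code from the original post. All names and values here are
# assumptions chosen for illustration.
PBKDF2_ITERATIONS = 100_000  # assumed work factor; raise as hardware allows


class RecoverablePasswordStore:
    """Passwords kept in a form the application can reverse (here: plain text).
    This is what lets a site mail a forgotten password back, and also what lets
    anyone who can read the table walk away with every password at once."""

    def __init__(self):
        self._table = {}

    def register(self, email, password):
        self._table[email] = password

    def verify(self, email, password):
        return self._table.get(email) == password

    def recover(self, email):
        """The 'forgot password' feature the post describes."""
        return self._table.get(email)

    def dump(self):
        """What an attacker with read access gets: every password, ready to use."""
        return dict(self._table)


class HashedPasswordStore:
    """Stores only a per-user salt and a PBKDF2-HMAC-SHA256 digest. It can answer
    'is this the password?' but has no way to answer 'what is the password?'."""

    def __init__(self):
        self._table = {}

    def register(self, email, password):
        salt = os.urandom(16)  # per-user salt: equal passwords get different digests
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
        self._table[email] = (salt, digest)

    def verify(self, email, password):
        record = self._table.get(email)
        if record is None:
            # Do the same work for unknown users so response time does not
            # reveal which e-mail addresses are registered.
            hashlib.pbkdf2_hmac("sha256", password.encode(), b"\x00" * 16, PBKDF2_ITERATIONS)
            return False
        salt, digest = record
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
        return hmac.compare_digest(candidate, digest)  # constant-time comparison

    def recover(self, email):
        """Nothing to send back; a reset-token flow has to replace this feature."""
        raise NotImplementedError("hashed store cannot return a password; issue a reset token")

    def record(self, email):
        return self._table.get(email)


def can_mail_password_back(store, email):
    """True if the store can hand the original password to the 'forgot password' page."""
    try:
        return store.recover(email) is not None
    except NotImplementedError:
        return False


def reuse_exposure(leaked, other_site):
    """Count leaked (email, password) pairs that also log in to another site."""
    return sum(1 for email, pw in leaked.items() if other_site.verify(email, pw))


def demo():
    """Constructed sample users; returns the figures the post's argument turns on."""
    pizza = RecoverablePasswordStore()
    bank = HashedPasswordStore()
    pizza.register("alice@example.com", "hunter2")
    pizza.register("bob@example.com", "pepperoni!")
    pizza.register("carol@example.com", "hunter2")          # same password as alice
    bank.register("alice@example.com", "hunter2")           # alice reuses her password
    bank.register("bob@example.com", "unrelated-phrase")    # bob does not

    leaked = pizza.dump()  # what the attacker gets from the low-security site
    return {
        "leaked_plaintexts": len(leaked),
        "bank_accounts_opened_by_reuse": reuse_exposure(leaked, bank),
        "pizza_mails_password_back": can_mail_password_back(pizza, "alice@example.com"),
        "bank_mails_password_back": can_mail_password_back(bank, "alice@example.com"),
    }


if __name__ == "__main__":
    print(demo())
```

Note where the cost actually lands: the hashing itself is a handful of standard-library lines, while the real change is in the workflow, since a hashed store can no longer e-mail the old password and has to offer a reset-token flow instead. That workflow change, not the hash, is the support and development cost the paragraph above is weighing.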

Since I'm not a member of MENSA, I don't know what sort of services are available through their web site. If they aren't doing anything that requires strong authentication or non-repudiation, then why should anyone care if they're storing passwords weakly? If your E*Trade account gets hacked because it had the same password as your MENSA account, that is not MENSA's fault, because you shouldn't be sharing passwords between any two systems, let alone two systems with vastly different security requirements. Don't use the same password for your bank account as you do for your local pizza delivery place, and you'll have a lot less to worry about.
