Top
210°

Activision denies storing Call of Duty Elite passwords in plain text

Activision has denied storing Call of Duty Elite passwords in plain text - but has admitted emailing them to customers in plain text form when they ask to recover them.

Read Full Story >>
eurogamer.net
Oculus Quest Giveaway! Click Here to Enter
The story is too old to be commented.
-Mika-2971d ago

It not even that serious.

Dark_Overlord2971d ago

Totally agree, sites i've used in the past have sent me my password in plain text before (after forgetting my password).

Usually they send it the instant you request it, then you read the email and instantly delete it.

I have no problem at all with this method

gamingdroid2971d ago (Edited 2971d ago )

Except that means anyone can intercept your email and get your password. Email is not a secure method of transmitting sensitive information.

Activision should definitely use a one way hash with a strong salt to secure the data.

Encryptions can be broken, and even hashed data can be recovered to some degree.

This is poor security from Activision and should not be accepted by consumers!

Intentions2971d ago (Edited 2971d ago )

Yeah it isn't even serious.

I agree with both of you.

@gamingdroid
It's only bad if they know your email and password. So I don't see why it is poor security. A lot of websites does this method.

radphil2971d ago (Edited 2971d ago )

"It's only bad if they know your email and password. So I don't see why it is poor security. A lot of websites does this method."

Honestly it's safer if a website has it changed in their database than linking to an email.

It's nothing to throw a hissy fit over however.

gamingdroid2971d ago

It seems you guys aren't familiar with email "technology", but all email is sent in plain text and travels over multiple unsecure servers on the internet. Anyone of those can pick the username/password from the data packet.

It's NOT a secure method of communication period.

A lot of sites does it does NOT mean it is safe! That is why you NEVER send credit card information over email (although people do).

The proper way to do it is to send a link, that has an expiration date if it isn't super sensitive.

+ Show (1) more replyLast reply 2971d ago
Bladesfist2971d ago

Why store stuff in plain text, it costs you nothing to salt and hash.