Dear Pingdom: you should not be storing my password in plaintext, and you definitely shouldn’t be sending me my password in plaintext emails. You’ve been named and shamed in the past, but haven’t fixed the problem, so here I go.
Update 2011-08-16: A week later, Pingdom stopped sending out passwords in plaintext and let me know via Twitter. Not a bad turnaround! They have also confirmed to me, via email, that passwords in their DB are now “salted and hashed with bcrypt”. Good job!

  1. seldo posted this