I remember having to reset an email password once and the link to reset it was sent to a recovery email address that I hadn't used in a long time, I couldn't remember it's password either, at some stage you need to trust a human to help you. I still like to chat to a human to get things sorted rather than web based boxes and enquiry email forms, anyway see what the sys admin guys have to say about it all.
I totally agree with your concern. I just spent 20 minutes with a customer support person for Dodo, trying to convince them it is a good idea to hash passwords and not store them in plain text. Seem most telcos in Australia have similar issues.
I just set up an account to be able to post on this site and I saw a clue that the password I entered was being stored in plain text :
Maximum character length 20 characters... If it's hashed, it shouldn't matter. You could use an essay as your password and it would be the same size in the database (might be a bit of an issue in terms of time taken to upload password).
A bit of a whopper, isn't it?
Couldn't agree more. Feeling nervous... sort of... would be much worse if it weren't for the simple fact that I have not used this password elsewhere.
Thanks to Password Managers everywhere!
TPG - This is TOO SLACK. I REALLY HOPE YOU HAVE FIXED THIS BY NOW