Stuart, I totally agree with your concern. I just spent 20 minutes with a customer support person for Dodo, trying to convince them it is a good idea to hash passwords and not store them in plain text. Seem most telcos in Australia have similar issues. I just set up an account to be able to post on this site and I saw a clue that the password I entered was being stored in plain text : Maximum character length 20 characters... If it's hashed, it shouldn't matter. You could use an essay as your password and it would be the same size in the database (might be a bit of an issue in terms of time taken to upload password).
... View more