----------------------------------------
       Plaintext passwords
       May 12th, 2020
       ----------------------------------------
       
       A recent set of exchanges on the fediverse reminded me that
       there's still plenty of poorly run websites and institutions who
       are still storing user credentials in plain text. Yes, unencrypted
       plain text.
       
       I remember the horror in my heart back in 2008 when I was trying
       to learn about virtual credit cards from my bank (a cool idea
       which went away for no good reason). I was on the phone and the
       customer service representative asked me for the 3rd and 5th
       letter in my password to verify my identity.
       
       Did it hit you too? Did that little pit in your stomach open up
       like it did for me? How could this person know a specific
       character in my password?
       
       Needless to say, the conversation I had with the bank that day
       quickly changed. I wish that was the only time I had the
       experience, but it happened a second time in the same year in
       a conversation with Fidelity, who ran my 401k at my job at the
       time. In that case I was stuck. I couldn't choose to move my 401k
       to another provider. Thanks America.
       
       Anyway, there's a ton of these places including a downright scary
       number of banks (looking at you Tesco). I figured gopher needed
       some place to reference the list of shame, so I made one [0] over
       in my Experiments section. There's a link over there to the master
       list managed in github as well. If you have others to add, make
       a PR and help shame them.
       
 (TXT) [0] List of sites storing passwords in plain text