LinkedIn is the latest hacked-password clusterfuck, one of the many we know about. There are probably many more that have never been made public.
What are the consequences for these companies? They just seem to shrug and carry on.
When are all companies going to take security more seriously? I don’t know, but it feels like they really don’t give a damn about you and continue to repeat the mistakes of others.
Perhaps every company should follow this simple advice:
New rule: every website must disclose their password storage format on the signup page. Scared to disclose? It’s too weak.
At least that way consumers would be able to make a more informed decision before trusting a company with their personal information, even if, in the end, their password is qwerty12345. [Twitter]