Learn More
Resend Email
35
FearMediocrity
7y

We recently took over development of an app. Upon inspection the API had no security, and passwords were stored in plain text. While the manager was slightly concerned, it wasn't a big deal....

That was until, using only a browser, I found the bosses account and personal email address.

Minutes later I was in his gmail, Facebook and credit cards account.

Improving security is now concern #1, and my boss is "suffering" 2 factor authy on everything.

undefined

api

boss

security 101
Favorite
Ranter
Comments
  • 14
    7y
    Did you buy him a teddy bear with his own money?
  • 7
    7y
    @RodrigoF No, but I can't imagine it was the most life affirming experience to have me standing over his shoulder while he changed his password, while I mansplained 2 factor auth.
  • 8
    7y
    Today i showed my boss i can easily retrieve his password in chrome through inspect element. And he is freaking out.
    He keeps showing me different services to secure this (lastpass, keepPass etc..) and I keep finding flows in those services. It's been fun week.
  • 2
    7y
    @treeroot God I wish I was one of you or the OR right now 😞
  • 2
    7y
    Until there are lawsuits and class actions, software won't magically become secure.
  • 1
    7y
    @treeroot lol, you haven't told him there is no perfect tool, only choices?
  • 1
    7y
    ....plaintext.....passwords.... WTF who does that?
Related Rants
devRant © 2021 Hexical Labs LLC
Privacy Policy  |  Terms of Service
Add Comment