Submitted on Saturday 15th February 2014
Published on Tuesday 18th February 2014
Current status: Closed
Closed: Sunday 18th May 2014
Signatures: 5
Data Protection Act - Include password storage
To prevent fraud, and force companies to act responsibly - I want the Government to amend the Data Protection Act (or any relevant act) to treat customers passwords as "prohibited data", unless they make it clearly visible, on entry, that this information will be stored in an unsafe manner.
This would prevent password leakage through hacking, and prevent companies sending plain text passwords, which put customers at risk.
Companies should make reasonable efforts to use industry best practice methods (guidelines prescribed by the British Computer Society?) which do not allow hackers or internal employees to reverse engineer a password.
Current methods include
- storing a strongly encrypted mathematical hash value of password and 'salt' value - NOT the password.
- using a trusted 3rd party Authentication provider and only storing a secure token.
You can't sign this petition because it is now closed. But you can still comment on it here at Repetition.me!
18.119.124.204 Sat, 21 Dec 2024 18:37:53 +0000