Submitted on Saturday 15th February 2014
Published on Tuesday 18th February 2014
Current status: Closed
Closed: Sunday 18th May 2014
Signatures: 5
Data Protection Act - Include password storage
To prevent fraud, and force companies to act responsibly - I want the Government to amend the Data Protection Act (or any relevant act) to treat customers' passwords as "prohibited data", unless they make it clearly visible, on entry, that this information will be stored in an unsafe manner.
This would prevent password leakage through hacking, and prevent companies sending plain text passwords, which put customers at risk.
Companies should make reasonable efforts to use industry best practice methods (guidelines prescribed by the British Computer Society?) which do not allow hackers or internal employees to reverse engineer a password.
Current methods include
- storing a strongly encrypted mathematical hash value of password and 'salt' value - NOT the password.
- using a trusted 3rd party Authentication provider and only storing a secure token.