Have your say on government e-petitions

Data Protection Act - Include password storage

Submitted on Saturday 15th February 2014

Published on Tuesday 18th February 2014

Current status: Closed

Closed: Sunday 18th May 2014

Signatures: 5

Tagged with

British ~ SAlt

Petition Action

Data Protection Act - Include password storage

Additional Information

To prevent fraud, and force companies to act responsibly - I want the Government to amend the Data Protection Act (or any relevant act) to treat customers passwords as "prohibited data", unless they make it clearly visible, on entry, that this information will be stored in an unsafe manner.

This would prevent password leakage through hacking, and prevent companies sending plain text passwords, which put customers at risk.

Companies should make reasonable efforts to use industry best practice methods (guidelines prescribed by the British Computer Society?) which do not allow hackers or internal employees to reverse engineer a password.

Current methods include
- storing a strongly encrypted mathematical hash value of password and 'salt' value - NOT the password.
- using a trusted 3rd party Authentication provider and only storing a secure token.


You can't sign this petition because it is now closed. But you can still comment on it here at Repetition.me!

Have your say on this petition!

comments powered by Disqus

repetition.me is a Good Stuff website

18.117.156.26 Sun, 22 Dec 2024 10:35:24 +0000