GCHQ recruitment site stores plaintext passwords

I can’t resist this. El Reg today points to a blog post by a guy called Dan Farrall who has commented on his experience of receiving a plain text reminder of his GCHQ recruitment site password by email after filling out its forgotten password form.

Farrall’s blog post is worth reading. Whilst he acknowledges that the recruitment site is likely to be run by a third party, he rightly points out that their security practices should still have been audited by GCHQ.

At the minimum, this is embarrassing for the guys in the doughnut. You’d expect GCHQ to have higher standards than the BCS.

