PC för Alla contacted Dustin’s IT manager, Per Lengquist, and asked him how passwords are handled today and how the company plans to improve security in the future.
Is it true that passwords are stored in clear text in your sales system’s database?
– It is true that the passwords are stored in clear text in the database. Correct handling is to hash them so that no one – not even we ourselves – can recreate the customer’s password, but only verify it.
How long has the current sales system been in operation?
– It has been with us since the beginning in 1995.
When will you switch to your new system, and how are passwords handled there?
– The new system has been completed and we are now working intensively on testing and quality assurance before the transition, which is planned for the beginning of 2014. There, the passwords will be stored hashed, with a salt per customer.
He adds that Dustin also takes a series of extra security measures that include the ability to encrypt the passwords in the company’s current sales system.
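An added example, not Dustin’s code and not part of the original article: it shows what storing passwords "hashed with salt per customer" looks like in practice, including converting legacy cleartext rows so that the password can afterwards only be verified, not read back. The use of scrypt, its cost parameters, the record format, the function names and the customer IDs are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed scrypt cost parameters for this example; tune them for your hardware.
N, R, P, DKLEN = 2**14, 8, 1, 32


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=N, r=R, p=P,
                          maxmem=64 * 1024 * 1024, dklen=DKLEN)


def hash_password(password: str) -> str:
    """Return a storable record: a fresh random salt plus the derived hash."""
    salt = secrets.token_bytes(16)  # unique per customer, never reused
    return f"scrypt${salt.hex()}${_derive(password, salt).hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    parts = record.split("$")
    if len(parts) != 3 or parts[0] != "scrypt":
        return False  # e.g. a leftover cleartext value is never accepted
    candidate = _derive(password, bytes.fromhex(parts[1]))
    return hmac.compare_digest(candidate, bytes.fromhex(parts[2]))


def migrate_cleartext(rows: dict[str, str]) -> dict[str, str]:
    """Replace each legacy cleartext password with a salted hash record."""
    return {customer: hash_password(pw) for customer, pw in rows.items()}


# Constructed sample data: two customers who picked the same password.
LEGACY_ROWS = {"customer-1001": "1234", "customer-1002": "1234"}

if __name__ == "__main__":
    migrated = migrate_cleartext(LEGACY_ROWS)
    for customer, record in migrated.items():
        print(customer, record)
    # Same password, different salts: the stored records do not match,
    # so a leaked table does not reveal which customers share a password.
    print("records differ:", migrated["customer-1001"] != migrated["customer-1002"])
    print("correct password:", verify_password("1234", migrated["customer-1001"]))
    print("wrong password:", verify_password("12345", migrated["customer-1001"]))
```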
Here’s how to protect yourself
If you have an account on Dustin and know that you have used the same password on other services, you should change your password on those services. For example, if you use the password 1234 on Dustin’s website and the same password on Facebook, you should immediately change the password on Facebook.
As always when it comes to passwords, you should never use the same password on multiple web services. To keep track of all passwords, there are several good apps you should take a closer look at.