
Dustin promises to improve security

This weekend, a customer brought to the attention of the computer retailer Dustin that the company does not store customers’ passwords in encrypted form. This means that Dustin’s staff can easily see the passwords used on the website Dustin.se through the company’s current sales system.

PC för Alla contacted Dustin’s IT manager, Per Lengquist, and asked him how passwords are handled today and how the company plans to improve security in the future.

Is it true that passwords are stored in clear text in your sales system’s database?

– It is true that the passwords are stored in clear text in the database. The correct handling is to hash them so that no one – not even ourselves – can recreate the customer’s password, but only verify it.

How long has the current sales system been in operation?

– It has been with us since the beginning in 1995.

When will you switch to your new system, and how are passwords handled there?

– The new system has been completed and now we are working intensively with tests and quality assurance before the transition, which is planned for the beginning of 2014. There, the passwords will be stored hashed with salt per customer.

He adds that Dustin also takes a series of extra security measures that include the ability to encrypt the passwords in the company’s current sales system.
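What "hashed with salt per customer" means in practice, as an added example that is not Dustin's code or part of the original article: legacy clear-text rows are converted to salted hashes that can be verified but not read back. The choice of PBKDF2-HMAC-SHA256, the iteration count, the row layout and all function names are assumptions made for illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor; tune to your own hardware
SALT_BYTES = 16       # assumed salt length


def hash_password(password: str) -> dict:
    """Return a storable record: a fresh random salt plus the derived hash."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"iterations": ITERATIONS, "salt": salt.hex(), "hash": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def migrate(legacy_rows: list[dict]) -> list[dict]:
    """Convert clear-text rows; the clear-text field is not carried over."""
    return [
        {"customer_id": row["customer_id"], "pw": hash_password(row["password"])}
        for row in legacy_rows
    ]


# Constructed sample rows standing in for a legacy clear-text table.
LEGACY = [
    {"customer_id": 1, "password": "1234"},
    {"customer_id": 2, "password": "1234"},  # same password, different customer
    {"customer_id": 3, "password": "correct horse"},
]

if __name__ == "__main__":
    for row in migrate(LEGACY):
        print(row["customer_id"], row["pw"]["salt"], row["pw"]["hash"][:16] + "...")
```

Customers 1 and 2 share a password but end up with different stored hashes, so staff looking at the table can no longer tell which customers reuse the same password.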

Here’s how to protect yourself

If you have an account with Dustin and know that you have used the same password on other services, you should change it on those services. For example, if you use the password 1234 on Dustin’s website and the same password on Facebook, you should immediately change the password on Facebook.

As always when it comes to passwords, you should never use the same password on multiple web services. To keep track of all passwords, there are several good apps you should take a closer look at.
