As if to illustrate the main point of our recently published whitepaper on handling passwords securely, news broke yesterday of a scam in which hackers broke into Citibank’s network of ATMs inside 7-Eleven stores and stole customers’ PIN codes.
The article reports that “despite industry standards that call for protecting PINs with strong encryption — which means encoding them to cloak them to outsiders — some ATM operators apparently aren’t properly doing that. The PINs seem to be leaking while in transit between the automated teller machines and the computers that process the transactions.”
While most of your web apps may not be as attractive a target as bank ATMs, this incident clearly highlights how vulnerable poorly handled passwords are. Read our whitepaper for suggestions on how to guard your web app against this.