One of the things I used to deal with as a data architect was, “Well, why can’t we just send them their password?” And the answer was always long and complex. Now, though, even my most neophyte clients understand the importance of data-level security. They no longer flinch when I say, “Even though it has never happened to me ONCE, I plan every database and every site as though it were going to be hacked tomorrow.” And yes, I still have clients – or would-be clients – who say, “Well, that’s not very secure.” Well, no, it’s not. The internet, while not the den of snakes it’s often portrayed as, is not very secure. And if you don’t plan for the worst, you’re not planning at all.

That is a lesson that Yahoo’s recent data breach can teach all of us – hopefully even Yahoo. Yahoo committed sins left and right – so trying to walk through them all now would be like a confessional in Las Vegas – but the thing that stuck out in my mind was that they stored their user passwords in plain text, and I want to spend just a second explaining what that means.

Plain text is the same as saying text. In a storage/content sense, it often refers to non-rich text, as in, just words, no formatting. But in a database/password sense it means that the passwords are stored literally as you typed them. This is, in one sense, the default. Of course a password would be what you saved it as. But it is not even remotely best practice. That’s because it means that if anyone ever gets their paws on your data, they will see your passwords in the clear. That’s why any self-respecting data manager ensures that passwords are stored encrypted. That means that you enter your password, they pass it through an encryption algorithm, and it is stored as some other, more complex and obscure string.

How does that work? Well, there are two parts. The encryption algorithm is like a machine that mushes your original password around into this new string. What’s important to know is that a given password will always be mushed in the same way. That is, if you enter your password again, it will come out of this machine identically, every time. So, when you try to log into the site and enter your password, we compare it to the original by looking at what it looks like after it has been through the encryption algorithm – we never need to look at the plain-text password itself.
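To make the store-then-compare flow concrete, here is an added example in Python; it is my own code, not anything from the post or from Yahoo. The post calls the machine an encryption algorithm; what a data manager actually uses for this job is a one-way, salted, deliberately slow hash (PBKDF2-HMAC-SHA256 here, with an iteration count and a stored-record format that are my own assumptions), so the stored string cannot be turned back into the password, and the per-user salt means two users with the same password do not end up with the same stored string.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters (not from the original post): PBKDF2-HMAC-SHA256 with a
# work factor high enough that guessing is slow for an attacker who has the table.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Run the password through the 'machine' once, at sign-up.

    Returns a storable record 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>'.
    A fresh random salt is drawn per user unless one is supplied (tests only).
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ALGORITHM}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Run the login attempt through the same machine and compare the outputs.

    The salt and iteration count come from the stored record, so the candidate
    is mushed exactly the way the original was; the comparison is constant-time
    so timing does not leak how many bytes of the digest matched.
    """
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False
    if algorithm != ALGORITHM:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


# Constructed demo "user table": the database only ever sees the right-hand side.
USERS = {
    "alice": hash_password("correct horse battery staple"),
    "bob": hash_password("correct horse battery staple"),  # same password, different record
}


def login(username: str, password: str) -> bool:
    """Check a login attempt against the stored record; unknown users simply fail."""
    record = USERS.get(username)
    return record is not None and verify_password(password, record)
```

Note that even the site operator cannot answer "what is alice's password?" from the table, which is exactly why the honest answer to "why can't we just send them their password?" is "because we don't have it".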

Yahoo did not do this. Perhaps they just had some bad people in key places, but more likely, with a company like that, they just had a vestigial background database and hadn’t updated their security protocols. Whatever the reason, it didn’t end well for the 44 thousand users who entrusted their data to them. So, if I or some other data architect ever admonishes you, “No, we don’t store user emails in plain text, so we couldn’t possibly retrieve a user’s email address,” then you smile and say, “Of course.” And thank your lucky stars that you don’t use Yahoo mail, because really, who does?
