- note to self and share with others, blog by Peter Legierski


World’s Largest Wi-Fi Network Keeps Passwords in Plain Text


Have you ever heard about FON Community? I will be surprised if your answer is “no”. It’s the world’s largest Wi-Fi network with over 4 million users, as they claim on their website. The idea behind it is pretty simple: you agree to share a fraction of your Wi-Fi signal with the community, and in exchange you can access any other Wi-Fi router in the community. With over 4 million users in the network around the world, it gives you a pretty good alternative to internet cafés or hotel internet if you’re travelling or want to work from a park on a nice sunny day.

Check out their coverage map, it’s pretty impressive, at least in the UK:

Ok, ok, why are you telling me all this?

I’m a member of FON Community myself and recently was trying to log into my account, without luck. I used the “Forgotten password” option that is available on pretty much any website that stores users’ credentials. I typed my email address and was expecting to receive an email with a randomly generated string as my new password. What did I find in my mailbox instead?

It was my old password in plain text! I love the network and use it quite often, but still can’t believe that they keep the passwords of 4 million of their users in a format that can be easily accessed in (or decrypted to) plain text - something I would expect from complete amateurs who never gave a single thought to password protection. Shame on you, FON.
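For contrast, here is a sketch of a design in which a "forgotten password" email cannot contain the old password, added as an illustration and not FON's or the author's code. The in-memory `USERS` store, the function names, the PBKDF2 iteration count and the 15-minute token lifetime are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

USERS = {}            # constructed in-memory store standing in for a database
RESET_TTL = 15 * 60   # assumed lifetime of a reset token, in seconds
ITERATIONS = 600_000  # assumed PBKDF2 work factor

def _derive(password, salt):
    # One-way, salted, deliberately slow: the stored value cannot be turned
    # back into the password, so there is nothing to send in a reminder email.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def set_password(email, password):
    salt = secrets.token_bytes(16)  # fresh per-user salt on every change
    USERS[email] = {"salt": salt, "pw": _derive(password, salt), "reset": None}

def verify_password(email, password):
    user = USERS.get(email)
    if user is None:
        return False
    return hmac.compare_digest(user["pw"], _derive(password, user["salt"]))

def request_reset(email, now=None):
    """Return a one-time token to email; only its SHA-256 digest is stored."""
    user = USERS.get(email)
    if user is None:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    user["reset"] = (hashlib.sha256(token.encode()).digest(), now + RESET_TTL)
    return token

def complete_reset(email, token, new_password, now=None):
    user = USERS.get(email)
    if user is None or user["reset"] is None:
        return False
    now = time.time() if now is None else now
    digest, expires = user["reset"]
    presented = hashlib.sha256(token.encode()).digest()
    if now > expires or not hmac.compare_digest(digest, presented):
        return False
    set_password(email, new_password)  # replaces the record, clearing the token
    return True
```

A database leak in this design exposes salted derivations and digests of short-lived tokens, not passwords that still work on other sites where the user reused them.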

I urge you to change your password

if you’re also a member of FON Community. We’ve read enough about websites that keep passwords in plain text. It’s yet another reason to generate unique credentials for each web service we use and store them in some safe place, like 1Password, or change the way we’re accessing them, e.g. using QR codes.


Posted 2 years ago