JensenBreck
Reputable member
Hello,
I had a web-hosting account with a company that decided to get out of the game. They moved our website over to the company Hostway. The move went well enough, and I didn't really log in to do anything. It all just worked. Now that I need to make a site change, I discovered something that really troubled me. All the user accounts for the the site (such as FTP and SSH accounts) have a button saying "show password", indicating that the passwords are not properly salt/hashed with a properly 1 way hash. This upset me a bit, but what really troubles me is that when I called support, the verification question for me was "what are the last 4 characters of your password". At first, I thought he wanted one of the FTP account passwords, but he indicated that he wanted the main hosting account password. Meaning he was able to see that password, in plain text. This is as bad as it gets for security with ANY company that stores user account information, let alone a hosting provider, who should at least do the basic things for proper security.
Now I need a new hosting provider. I have a very simple site, with a wordpress blog. Anyone recommend a host that does security properly?
Please help.
Thanks!
I didn't find the right solution from the Internet.
References:
http://www.webhostingtalk.com/showthread.php?t=1686372
3d product animation video
I had a web-hosting account with a company that decided to get out of the game. They moved our website over to the company Hostway. The move went well enough, and I didn't really log in to do anything. It all just worked. Now that I need to make a site change, I discovered something that really troubled me. All the user accounts for the the site (such as FTP and SSH accounts) have a button saying "show password", indicating that the passwords are not properly salt/hashed with a properly 1 way hash. This upset me a bit, but what really troubles me is that when I called support, the verification question for me was "what are the last 4 characters of your password". At first, I thought he wanted one of the FTP account passwords, but he indicated that he wanted the main hosting account password. Meaning he was able to see that password, in plain text. This is as bad as it gets for security with ANY company that stores user account information, let alone a hosting provider, who should at least do the basic things for proper security.
Now I need a new hosting provider. I have a very simple site, with a wordpress blog. Anyone recommend a host that does security properly?
Please help.
Thanks!
I didn't find the right solution from the Internet.
References:
http://www.webhostingtalk.com/showthread.php?t=1686372
3d product animation video
Welcome to Admin Junkies