Passwords are quickly going the way of the dinosaur. Not only are they difficult to remember, but they’re also easy to crack with the right tools. As hackers continue to refine their techniques, momentum is moving towards biometrics as the go-to authentication method — as fingerprints and facial mapping are much harder to fake. But what about all of the websites and platforms that still use passwords today?
Well, in many cases, these websites aren’t the safest places for passwords — and by extension, your private data. A popular investment service has just announced that a vast number of its users’ passwords were stored on its servers in plaintext. This means the passwords themselves had no encryption or other protection, so nothing would have stopped a cybercriminal who reached them from reading them.
When it comes to services that manipulate your money, security is of the utmost importance. But with incidents like password exposure becoming more and more common, can we really trust these types of platforms for password protection anymore? We have the latest details on this new security issue, as well as why you should change your password if you were affected.
A rundown on Robinhood’s riskiness
Robinhood is a popular service for managing investment and stock portfolios that boasts millions of active users. Obviously, the information the application uses is incredibly sensitive. That’s because stocks and non-liquid assets make up a significant portion of Robinhood’s users’ wealth.
According to a new email that Robinhood customers are receiving this week, not all is as it seems on the back end of this platform. The email announces that a number of users had their passwords stored in the company’s database in a form that made them “readable.”
The email goes on to say that the issue was quickly rectified and that Robinhood recommends each user change their password as a further precaution. We’ve included a screencap of the email below:
To translate from “legalese”: This means that a number of users’ passwords were stored in “plaintext” format.
If passwords are stored in plaintext, there is no encryption or protection from prying eyes — meaning hackers could have easily read and recorded the data! Robinhood, however, disputes that any entities were able to access the information, and confirmed that no security breaches had occurred on its system.
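What that difference looks like inside a credential store, as an added example (not code from Robinhood or from the original article): a plaintext record beside a salted PBKDF2 record, plus a defender's check that flags any record that is still readable. The record format, iteration count, function names and sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

# Assumed parameters for this sketch; tune the iteration count for your hardware.
SCHEME, ITERATIONS = "pbkdf2_sha256", 600_000
RECORD_RE = re.compile(r"pbkdf2_sha256\$\d+\$[0-9a-f]{32}\$[0-9a-f]{64}")


def store_plaintext(db, user, password):
    """Weak pattern: the stored value is the password itself."""
    db[user] = password


def store_hashed(db, user, password):
    """Hardened pattern: keep only a random salt and a slow, salted digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    db[user] = f"{SCHEME}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(db, user, attempt):
    """Recompute the digest from the login attempt; compare in constant time."""
    record = db.get(user, "")
    if not RECORD_RE.fullmatch(record):
        return False  # unknown user, or a record that is not a salted hash
    _, iterations, salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", attempt.encode(),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def audit_store(db):
    """Defender's check: list users whose record is not a salted hash."""
    return sorted(u for u, rec in db.items() if not RECORD_RE.fullmatch(rec))


def demo():
    # Constructed sample accounts, not data from any real service.
    db = {}
    store_plaintext(db, "legacy@example.com", "Tr0ub4dor&3")
    store_hashed(db, "migrated@example.com", "Tr0ub4dor&3")
    return db


if __name__ == "__main__":
    db = demo()
    for user, record in db.items():
        print(user, "->", record)  # what anyone with read access to the store sees
    print("needs migration:", audit_store(db))
```

Anyone who can read the first record has the password; the second record only lets the service check a login attempt against it.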
Should I change my Robinhood password?
In short: Absolutely! Storing passwords in plaintext, despite what Robinhood is claiming, is far from an “industry-standard process.”
On the contrary, it leaves your information a sitting duck for cybercriminals. The fact that nobody was able to access the information is a relief, but it just as easily could have been the case that millions of customers had their financial data leaked thanks to the lack of security on Robinhood’s part.
If you have an at-risk account, you will have likely received the same email. Clicking the green highlighted links will lead you to a page that will walk you through the process of changing your password. Thankfully, Robinhood says it’s no longer using a plaintext system to store passwords, so anything you change your login to should be safe for the time being.
That said, don’t hesitate. The longer you wait to reset your password, the greater your security risk can become. In fact, changing your password on a regular basis — for nearly any platform you use — is one of the best ways to keep your data safe. Plus, it means you no longer have to rely on notoriously unreliable systems to keep your information out of the wrong hands.
Maybe none of this will be an issue when the World Wide Web Consortium fully adopts biometrics, but who knows how futuristic hackers will have become by that time. Perhaps we’ll see stores just like in Blade Runner where people “make eyes” just to fool biometrics. The question then becomes: how do you reset your biometric data!?
Stay safe out there!