Like all things flight related, Delta Skymiles seems to take security very seriously. If you forget your password they will only reveal the password you set in a secret envelope mailed to your physical address. There’s just one problem… Delta is storing passwords in clear text (or with two-way encryption), and their computers are plugged into the internet!

Since the password (set by me) was then sent to me by Delta, it is clear that they are either storing passwords in clear text or storing them in a database using two-way encryption. With two-way encryption, decryption is possible, and Delta is obviously doing this. If Delta can, so can anyone who hacks their software. Hashing with a salt is a one-way operation that is hard or impossible to reverse, and it is the preferred method for password storage.
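As an added example (not Delta's code and not from the original post), here is one way to store and check passwords with a salted one-way hash, and to handle a forgotten password by issuing a reset token instead of revealing the old password. PBKDF2-HMAC-SHA256, the iteration count, the token lifetime and all function names are assumptions of this example.

```python
import hashlib, hmac, secrets, time

ITERATIONS = 600_000   # assumed PBKDF2 work factor for this example
RESET_TTL = 15 * 60    # assumed reset-token lifetime, in seconds

def hash_password(password):
    """Build the stored record: a random per-user salt plus the one-way digest."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "digest": digest}

def verify_password(record, candidate):
    """Re-derive the digest from the candidate and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), record["salt"], ITERATIONS)
    return hmac.compare_digest(digest, record["digest"])

def start_reset(record, now=None):
    """Forgot-password: issue a random token and keep only its SHA-256 hash."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    record["reset"] = {"hash": hashlib.sha256(token.encode()).digest(),
                       "expires": now + RESET_TTL}
    return token  # delivered to the account owner; never stored in the clear

def finish_reset(record, token, new_password, now=None):
    """Accept a new password only for a matching, unexpired, unused token."""
    now = time.time() if now is None else now
    pending = record.get("reset")
    if pending is None or now > pending["expires"]:
        record.pop("reset", None)
        return False
    supplied = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(supplied, pending["hash"]):
        return False
    del record["reset"]                         # single use
    record.update(hash_password(new_password))  # the old password is never revealed
    return True

if __name__ == "__main__":
    account = hash_password("constructed-sample-password")  # constructed sample input
    print(verify_password(account, "constructed-sample-password"))
    token = start_reset(account)
    print(finish_reset(account, token, "a-new-password"))
```

Nothing in the stored record lets the server, or anyone who copies the database, read the password back, so the only thing a recovery flow can do is replace it.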

After the hackfests launched against the likes of Target, LinkedIn, and others for weak transmission encryption and storage of sensitive data, you would think other companies like Delta would take note.

Delta, you are on notice! Hash all passwords.