Why is UCAS security inadequate?
Whilst I understand you use SSL and have done attack testing and you believe your databases are secure & advisors cannot read them, you still store users passwords in plain text.
It would not be unreasonable to hash the passwords to make them pretty much irretrievable in event of a breach. It would mean passwords aren't emailed out in plain text as they are right now and you would have to follow a password reset process but given that many people will use the same password for UCAS as their e-mail, Facebook, Twitter, possibly even their banking, a break-in/hack/attack/whatever would be devastating for UCAS reputation and it's users.
When will UCAS begin to take security of its users seriously and encrypt passwords inside their system?
It may sound obscure or whiney or whatever, but it never really seems like a problem until something goes wrong.
Thanks,
Andrew.
It would not be unreasonable to hash the passwords to make them pretty much irretrievable in event of a breach. It would mean passwords aren't emailed out in plain text as they are right now and you would have to follow a password reset process but given that many people will use the same password for UCAS as their e-mail, Facebook, Twitter, possibly even their banking, a break-in/hack/attack/whatever would be devastating for UCAS reputation and it's users.
When will UCAS begin to take security of its users seriously and encrypt passwords inside their system?
It may sound obscure or whiney or whatever, but it never really seems like a problem until something goes wrong.
Thanks,
Andrew.
Quick Reply
Related discussions
- Can someone help me with My 12 marks history essay?
- University Reference
- Personal ID ucas
- My career
- Clearing at the University of Chester
- Uni paths
- Regretting my Uni subject choice.
- low protein
- Clearing Dilemma
- My Clearing journey to Bradford
- UCAS Extra
- Switching from Open Uni to a brick university
- Getting an acceptance letter
- Need help asap pls answer this question?
- Rejected from Uni Choices
- Would it be stupid to put Oxford as my reach without A*A*A*?
- Answering questions: What happens if I miss the UCAS deadline?
- Should I try cybersecurity or stick with pharmacy?
- Last Day of 2023 Uni Application Cycle!
- EPQ Medicine
Latest
Last reply 1 minute ago
Civil Service Fast Stream 2024 - Applicants threadLast reply 3 minutes ago
Google level 4 software development apprenticeshipLast reply 10 minutes ago
TFL Apprenticeship Scheme 2024Last reply 13 minutes ago
JK Rowling in ‘arrest me’ challenge over hate crime lawLast reply 14 minutes ago
Official University of Edinburgh Applicant Thread for 2024Last reply 17 minutes ago
Repeating first year and last maintenance loan paymentLast reply 18 minutes ago
Official UCL Offer Holders Thread for 2024 entryLast reply 19 minutes ago
CLEARING???: KCL, QMUOL, ST Andrews, BATH , ROYAL HOLLOWAYLast reply 19 minutes ago
Home Office - Asylum Decision Maker (EO)Last reply 19 minutes ago
Amazon apprenticeship 2024 offer holdersLast reply 20 minutes ago
Quick reply text doesn't keep up with typingLast reply 22 minutes ago
Will I receive funding for my full 3 year degree if I repeat first year?Last reply 26 minutes ago
Student Finance applications for Part Time studentsLast reply 27 minutes ago
KPMG audit apprenticeships 2024Trending
Last reply 10 hours ago
I've been rejected by UoN Law School but given an alternative offerLast reply 2 days ago
TSR Decisions Drop In 2024 - LIVE NOW support with university decisionsLast reply 6 days ago
UCAS Applications + Uni Applicant Thread Directory for 2024 **Official Thread**Last reply 1 week ago
Study now at Exeter or wait one year to study at KCL or Bristol?Last reply 1 week ago
Deciding between universities - Exeter vs WarwickLast reply 1 week ago
Not heard back from some unis after applying in early December, should I be worried?Last reply 1 week ago
My experience with alternative offers and advice to others.Last reply 2 weeks ago
Year 13s: what's your back-up plan for results day?Last reply 2 weeks ago
Official University Offer Holder thread list (2024 entry)Last reply 2 weeks ago
Do Unis have a Quota for types of students they accept?Last reply 3 weeks ago
Uni accidentally gave me an unconditonal offer but hasn't noticed?Last reply 3 weeks ago
Rejecting firm offer, applying through clearingLast reply 3 weeks ago
Can a university revoke my application because of my autism diagnosisLast reply 3 weeks ago
Can I get into a course needing 32 ucas points when I have 16 points?Trending
Last reply 10 hours ago
I've been rejected by UoN Law School but given an alternative offerLast reply 2 days ago
TSR Decisions Drop In 2024 - LIVE NOW support with university decisionsLast reply 6 days ago
UCAS Applications + Uni Applicant Thread Directory for 2024 **Official Thread**Last reply 1 week ago
Study now at Exeter or wait one year to study at KCL or Bristol?Last reply 1 week ago
Deciding between universities - Exeter vs WarwickLast reply 1 week ago
Not heard back from some unis after applying in early December, should I be worried?Last reply 1 week ago
My experience with alternative offers and advice to others.Last reply 2 weeks ago
Year 13s: what's your back-up plan for results day?Last reply 2 weeks ago
Official University Offer Holder thread list (2024 entry)Last reply 2 weeks ago
Do Unis have a Quota for types of students they accept?Last reply 3 weeks ago
Uni accidentally gave me an unconditonal offer but hasn't noticed?Last reply 3 weeks ago
Rejecting firm offer, applying through clearingLast reply 3 weeks ago
Can a university revoke my application because of my autism diagnosisLast reply 3 weeks ago
Can I get into a course needing 32 ucas points when I have 16 points?
