Hat tip to @pmhesse
The folks behind plaintextoffenders.com are doing a great service to the Internet.
You should never see your password in an email from a company. If they are sending a password, there are two major issues:
1. Email is not inherently secure. The traffic carrying that message can be sniffed, and then your login info is known.
2. They are not hashing passwords in their database. It’s possible that they are performing some sort of encryption on the passwords, but it is clearly reversible, and therefore the passwords can be recovered by anyone who breaks into the system.
The companies found on the site tend to be smaller businesses, which are a prime target for attacks.
“Hackers are increasingly going after small businesses,” says Jeremy Grant, who runs the Department of Commerce’s National Strategy for Trusted Identities in Cyberspace.
…“They have more money than individuals and less protection than large corporations.”
So if you get an email with a password in it, go ahead and submit it to plaintextoffenders.com. Hopefully the exposure will get them to fix the problem.