What's the joke about Tesco? As long as you keep your email password safe, what's the issue?
It's to do with how websites and organisations store passwords.
What you should use is known as a one-way salted hash. Basically you take the password and run it through a whole bunch of maths to get something entirely different to your password. The code is written such that you cannot run the algorithm backwards to get the original password.
When you want to authenticate someone logging in, you run their password attempt through the same algorithm and compare the hashes.
Doing it this way means that if/when your database is compromised and its contents stolen, you cannot gain the user's passwords and so you cannot impersonate the user by logging in normally. You also don't get a password to tie up to the user's email address and then go poking around other sites such as banking or Facebook or whatever.
This is basic stuff for password security and has been around for years. It's also easy to tell when companies aren't doing it, for example if they are able to email you your original password back. Another good sign is if their system places arbitrary maximum length requirements on the password, e.g. "no more than 12 characters".
Tesco's tweet is basically admitting that they are using reversible encryption to store their passwords and thus putting all their customers' security at risk.
![NFSSw.jpg NFSSw.jpg](https://forums.overclockers.co.uk/data/attachments/41/41591-3305046b7dc158d440496c4690296cb3.jpg)
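The store-and-compare scheme described in the post above, shown as an added example that is not part of the original post or any retailer's code. It assumes PBKDF2-HMAC-SHA256 with 600,000 iterations and a 16-byte random salt; the record layout and the sample passwords are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Assumed parameters for this example (not taken from the post).
ALGORITHM = "sha256"
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str) -> str:
    """Build the record to store: scheme, cost, salt and hash. Never the password."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_{ALGORITHM}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(attempt: str, record: str) -> bool:
    """Run the login attempt through the same algorithm and compare the hashes."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if not scheme.startswith("pbkdf2_"):
            return False
        candidate = hashlib.pbkdf2_hmac(
            scheme[len("pbkdf2_"):],
            attempt.encode("utf-8"),
            bytes.fromhex(salt_hex),
            int(iterations),
        )
        expected = bytes.fromhex(digest_hex)
    except (ValueError, TypeError, OverflowError):
        return False  # malformed record: fail closed
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


def demo() -> dict:
    long_password = "correct horse battery staple " * 10  # constructed, 290 chars
    first = hash_password(long_password)
    second = hash_password(long_password)
    return {
        "accepts_right": verify_password(long_password, first),
        "rejects_wrong": not verify_password("Tesco123", first),
        "salts_differ": first != second,  # same password, different records
        "fixed_size": len(first) == len(hash_password("short")),
        "password_absent": long_password not in first,
    }


if __name__ == "__main__":
    print(demo())
```

The stored record is the same size for a 5-character and a 290-character password, so a hashing backend has no storage reason for a short maximum length, and nothing in the record can be mailed back to the user as their original password.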