Unbelievable.<p>Now it's Google, last time it was Fb, we are talking about the richest companies ever in existence. Why is it so hard to have internal pen testers who would discover such fk-ups as storing passwords in plain text? These companies need internal teams actively challenging the security of their products and services - something they don't seem to be doing now, or maybe they do but are not very good at it.
The second paragraph:<p>> <i>Rather than "hashing" passwords -- basically replacing the text with a string of seemingly random letters that can only be deciphered with a code -- Google says ...</i><p>No. The hashed password can <i>never</i> be "deciphered". That's part of the point of using a cryptographic hash.<p>Am I alone that I find basic errors like this really annoying?