Plain Text Offenders

We really need a browser addon that has a catalog of these services. When you go to sign up to one of them, it'll alert you with "This site stores your password in plaintext!"

Such a common design pattern. Is the "here is your one-time PIN to change password" really that much better, if the email account can be compromised?

It doesn't look like the list has been updated since 2021. Perhaps some of the offenders have changed their ways already.

Very surprised to see archlinux.org on there. Would’ve thought they would know better about security.