Thanks to the Hacker News community for voicing their criticism and making some great points on web security and password management.
Last week Plenty Of Fish got hacked, and a big drama ensued after Markus, its founder and CEO, wrote a long, rambling article accusing a 23-year-old Argentinean hacker, Chris Russo, of extortion and of harassing him and his wife.
Markus's blog post caused what now seems to be the worst PR nightmare any company could dream of. Instead of getting compassion from his readers, he was heavily ridiculed and made fun of by hundreds of commenters and web publications across the Internet.
One must assume that every website will eventually get hacked and therefore must ensure that once the data is exposed the potential damage that can be caused is minimized as much as possible.
The main concern should be users' privacy, and with that comes their passwords. Unfortunately, a great many people use the same password for many of their online accounts. It is not safe, but it is practical, and no matter how much we are told not to do so, people will keep doing it. Knowing this, the least a developer can do is encrypt all the user passwords, so that if a hacker gains access to the database, the hacker will only expose unusable information.
So is Markus that big of a moron? I think Markus is a genius, a nerd, a geek, a hacker himself, maybe not the best programmer but definitely one of the very few people in the history of the Internet to pull off such a feat all by himself.
As one can see from reading his blog, he is not shy about telling the world how good he thinks he is. Back in the day he went as far as posting a huge Google Ad cheque made out to his name from advertising revenue gained through his website.
Nope, Markus is no fool, so if he stores passwords in plain text it is for a reason, and a good one indeed.
Probably the reason is just one of the many reasons that have made POF as successful as it is today. The main reason is to boost user retention. This accomplishes two things at once. For one, it acts like a newsletter: it reminds you that POF exists, that you should go there.
Although many use the same password for all their accounts, there are also many people who use several passwords and have difficulty remembering them. Well, if you forget your password it is way more likely that you will not log back into a website.
Yes, you can go ahead and go through the recovery process, but that takes time and we are lazy. It is way smarter to keep reminding you of your password, and that is exactly what Markus does. According to Markus himself, most people sign up for 2 or more online dating sites. Which one will you be more likely to go back to? So there you go, what is most likely, that a guy that has built the largest free dating site in the world is a moron?
Occam tells us it is more likely to be the latter assumption. Not only that, Markus has admitted that keeping pictures' aspect ratio all wonky is great for increasing ad revenue traffic, as people are forced to click on the pictures to view them properly. Or the fact that it is almost impossible to cancel your POF account, so even years after finding your true love you keep getting those hot weekly matches every Monday. No siree, our highly polemical and at times seemingly deranged interweb lord of the e-date realm is no fool.