China Software Evaluation Center 29 released the website user password processing security external evaluation report pointed out that there is a prominent security issues on the domestic site user password handling. In the sample survey site, 59% did not take any security measures. China Software Testing Center, deputy director of the proposed high as soon as possible to establish a personal information protection system, strengthen the protection of personal information technology and management level.
Beijing Key Laboratory of Peking University of Internet security technology
China software testing center, from the portal, e-mail, e-commerce, recruitment and other 9 categories of 100 sites, the safety evaluation of the processing of user password.
evaluation found that most of the security awareness of the user site password processing is not enough. 100 sites, only 8 sites to take adequate security measures for treatment of user password, there are 59 sites did not take any security measures, so that the user password is directly exposed to the transmission network and the server, 85 more sites directly get the user’s password.
"part of the user in different sites registered account used by the same user name and password, once the password was leaked on a web site, in other data on the site was also a certain" joint leak ", greatly increases the security risk." Peking University, Beijing Key Laboratory of Internet Security Technology Senior Engineer Gong Xiaorui said.
report shows that different types of sites on the user password processing security awareness is not the same, recruitment, love and marriage website security awareness is the weakest. The e-commerce site was assessed, almost all sites are directly access to the user’s original password.
is currently in the website user password, there is not a clear standard or specification, how to handle the user password can only rely on the web site developers, operators and self-discipline to understand the common sense of safety, which is one of the main causes of the above problems." Gao Chiyang, deputy director of China software testing center.
Gao Chiyang recommendations, the establishment of personal information protection system as soon as possible, strengthen the protection of personal information related enterprises in technology and management system, create a healthy Internet environment.
at the same time, China Software Evaluation Center will be based on national standards, for the website and other related enterprises to carry out the personal information protection management system certification service. (reporter Zhang Xinxin)