
Amazon Glitch Leads to Password Risk

Posted on January 29th, 2011 by

A problem with passwords at Amazon has been discovered whereby users, in certain situations, can log in with variants of their passwords. It seems likely that Amazon used a specific encryption function that truncates any password longer than 8 characters, so that only the first 8 characters are checked. As Wired points out:

if your password is “Password,” Amazon.com will also let you log in with “PASSWORD,” “password,” “passwordpassword,” and “password12345.”

However, it seems that newer passwords (though there is no definition of what “new” means) are not affected by this flaw. Therefore, if you have an Amazon account (at any of Amazon’s many stores), and you have been a customer for a long time, it’s a good idea to go to your account page and update your password. Wired suggests that, “You can even then change your new password back to your old password, and you’ll magically be safer than you were before.” Theoretically, this should work, as the “new” password – even if it is the same – will be treated differently.
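The behaviour described above, reproduced as an added example (not Amazon's code and not part of the original post). It assumes the old scheme folds case and keeps only the first 8 characters before hashing, uses PBKDF2 as a stand-in hash, and all function and field names are hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed work factor for this example


def _kdf(data: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", data, salt, ITERATIONS)


def legacy_normalize(password: str) -> bytes:
    # Assumed legacy behaviour: ignore case, keep only the first 8 characters.
    return password.lower()[:8].encode("utf-8")


def _prepare(password: str, scheme: str) -> bytes:
    if scheme == "legacy":
        return legacy_normalize(password)
    return password.encode("utf-8")  # current scheme: every character counts


def make_record(password: str, scheme: str) -> dict:
    """Create a stored credential tagged with the scheme that produced it."""
    salt = os.urandom(16)
    return {"scheme": scheme, "salt": salt,
            "hash": _kdf(_prepare(password, scheme), salt)}


def verify(record: dict, attempt: str) -> bool:
    candidate = _kdf(_prepare(attempt, record["scheme"]), record["salt"])
    return hmac.compare_digest(candidate, record["hash"])


def change_password(record: dict, old: str, new: str) -> dict:
    """A password change always writes a 'current' record, even if new == old."""
    if not verify(record, old):
        raise ValueError("old password rejected")
    return make_record(new, "current")


def accepted_variants(record: dict, candidates: list) -> list:
    return [c for c in candidates if verify(record, c)]


# The variants quoted in the article for a user whose password is "Password".
VARIANTS = ["Password", "PASSWORD", "password", "passwordpassword", "password12345"]

if __name__ == "__main__":
    old_account = make_record("Password", "legacy")
    print("legacy :", accepted_variants(old_account, VARIANTS))
    upgraded = change_password(old_account, "Password", "Password")
    print("current:", accepted_variants(upgraded, VARIANTS))
```

Tagging each stored record with its scheme is what lets a site keep accepting old credentials while every password change, including a change back to the same string, moves the account onto the stricter check.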