Worst of all: Greyhound.com provides no mechanism for changing a password. Ever. If an account is breached or a password is compromised, the account is stuck with that bad passcode indefinitely. Last week, I explained to a Greyhound spokeswoman why password hashing and password resets were crucial to security and asked if her company had any plans to add them to Greyhound.com. Her response:
“Per your inquiry regarding the website, this is on our roadmap to address, but at no time has a customer’s payment information been compromised when purchasing tickets on our website.”
What Greyhound doesn’t seem to understand is that many of its customers use the same password to protect multiple accounts. By storing passwords in plaintext, the bus service puts all of those accounts at risk. And the lack of any means to change passwords is just… breathtakingly negligent. Until Greyhound officials make basic security a priority, users should strongly consider deleting all data stored in their accounts and closing them the only way currently possible—by changing the e-mail address to a non-existent address such as formercustomer@example.com.