I recently forgot my password for our cable provider online account, only to discover that they sent it to us via plain text in an email. I quickly sent an email to customer support asking them if they were storing passwords in plain text in their database. I actually got a quick response back from one of their software engineers who said that due to the "application's design" it was necessary to hash the passwords in a recoverable format.

I didn't send an email back to ask if they were using a salt, but in general, I thought they were adhering to the lowest common denominator with regard to password security and recovery.

Am I in the wrong here? If they are using a strong encryption method, is this perfectly acceptable?

For an ISP it is quite likely that they store your password in plain text or using a reversible encryption. This reversible encryption is not a hash as the answer claimed.

ISPs tend to not use one way hashes because a number of old protocols use the password as part of a challenge-response digest authentication.

Most notable is APOP, which is an extension to the old Post Office Protocol. In normal POP the username and password are transmitted in clear text, which is obviously bad. So people thought of an extension which prevented sniffing and replaying attacks: The server sends a unique identifier (for some strange reason it is called timestamp in the specification although it is more). The client concatenates this identifier and the password before calculating the MD5 hash. The server needs to do the same calculation, therefore it needs the clear password. This protocol is outdated; POP over SSL should be used instead. But it is still in common use.

Furthermore, ISPs often offer a number of services and getting all of them to use a central authentication mechanism is a huge challenge. So often passwords are replicated to those servers instead. Since this replication must be reproducible at any time for reliability reasons the clear text password is often stored. If a central authentication is not possible, it would still be preferable to store the different encrypted formats at the replication source instead of the plain password.

It is obviously extremely bad practice to give those passwords out to customers and first level support personal. Sending them in plain email makes it even worse.

  • Many other protocols support SASL DIGEST-MD5, which if enabled would have the same problem as APOP. – grawity Nov 23 '17 at 07:51

There are many protocols which require passwords to be stored in plaintext (or encrypted, but not hashed), for example HTTP Digest authentication, so there are legit reasons to store passwords in a recoverable format. Done right, this is acceptable. In the case of an exposed password store (and encryption key), most of the passwords can be recovered pretty cheaply even if they are hashed, so the difference isn't that great.

But, your description of their actions does not really sound convincing - it may be legit, but I wouldn't bet on it.

As a user, however, you should never trust that your password is not stored in plaintext (eg. visible to administrative people viewing your account), or that the service actually manages to keep the password safe. This means the normal precautions of not sharing passwords between sites and having the password be hard to remember by just glancing at it.

ISPs, like everyone else, are vulnerable to insider attacks, external compromises, and social engineering, so the practice you describe is very bad. Most importantly they shouldn't be sending "you" your password - that is just too easy to socially engineer. They should reset your password and send you a token to log in and create a new one.

Beyond that, people reuse passwords despite all our efforts to encourage them not to, so any online storage of passwords puts users at risk.

As others note, there are some old protocols that require plain text, like APOP and HTTP Digest Authn, which probably explain these old internal processes. Microsoft has the same problem with some of its older systems. But those are bad protocols which should be eliminated, because of exactly these sorts of reasons.

Properly hashed reasonably-good passwords can indeed be protected from cracking.
See How to securely hash passwords? for how to do it (and how not to do it!)

