It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Some features of ATS will be disabled while you continue to use an ad-blocker.
France's new data retention law requires online service providers to retain databases of their users' addresses, real names and passwords, and to supply these to police on demand. Leaving aside the risk of retaining all this personal information (identity thieves, stalkers, etc -- that which isn't stored can't be stolen and leaked), there's the risk of requiring providers to store plaintext unhashed passwords, as Bruce Schneier points out.
Well-designed systems don't store passwords; rather, they take the password you supply and run it through a cryptographic hashing algorithm that turns it into another string (in theory, this string can't be turned back into the password). When you re-visit the website and supply your password, it is run through the algorithm again, and then the result is compared to the stored version. That way, no one -- not even the provider -- knows your password (except you). Again, that which isn't stored can't be leaked. Requiring French online services to keep a record of unhashed passwords is a reversal of decades of best practices in security.