Comment by Nextgrid

2 years ago

It's often a compatibility thing too. Insecure standards can often coexist because they're the lowest common denominator. It's just a "password" stored and transmitted as plaintext.

A secure system would involve a PKI, which increases complexity and management overhead significantly (you won't be able to just copy "passwords" from one system to another, etc.).

Compat is a factor and valid in some instances. It's not valid at all in this case. The old systems are wholly insecure, and should not be offered at all.

This is just some faceless corp being cheap and ignoring the consequences, not their problem.