Two factor security?
We've encrypted this password (insecurely stored here) in a secure store.
Does make you wonder about all the other sites who think they have strong security. Did they use a standard package, and if so which one?
Kudos to the researchers. Shows that you need to do more than just use a secure password store; the whole end to end process needs to be audited with a fine tooth comb.