[plug] ISPs storing plain-text passwords...

Matthew mmurray at uunet.com.au
Mon Aug 6 20:17:06 WST 2001 

Passwords should never be stored in plain text if you ask me,
but then again that is my opinion.  What ISP's do these days
does not surprise me though.

- Matthew
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Matthew Murray
UUNET / Worldcom Engineer
Email: mmurray at uunet.com.au
Perth, WA, Australia
=-=-=-=-=-=-=-=-=-=-=-=-=-=

-----Original Message-----
From: Kim Covil [mailto:kimc at ned.dem.csiro.au]
Sent: Monday, 6 August 2001 7:58 PM
To: plug at plug.linux.org.au
Subject: [plug] ISPs storing plain-text passwords...


Hi all,

slightly off-topic but a topic dear to all our hearts I think (or it
should be if it isn't)

I have just found out that my ISP stores my password in plain-text on
their systems and that it is available for their support staff to see
whenever they look at my account records... They tell me this is common
practice with ISPs so that their support staff can tell their clients
what their password is in the case where the client forgets it...

I contend that this is a major security hole... one that I should have
been told about when I signed up... I know there are a number of support
staff from ISPs on this list and was wondering whether it is true that
this is common practice...? Also I thought I might alert you to the
possibility of this practice... cos if one ISP is doing it I wouldn't
like to guess how many others might be... *sigh*

There is no reason why anyone other than myself should ever need to know
what my password is... and I (stupidly it seems) assumed that this is
how it was...

I am currently in the process of trying to get my ISP to remove my
password from all plain-text data on their system and once that is done
I will be changing my password...

Cheers

Kim
--
====================================================================== 
Kim Covil - CSIRO Exploration & Mining  E-mail: kim.covil at dem.csiro.au
            PO Box 437, Nedlands,       Tel: +61 8 9284 8425    ,-_!\
            Western Australia  6009     Fax: +61 8 9389 1906   /     \
                                                               *_,-._/
=================================================================== v 
   Please direct all personal e-mail to kimbotha at covil.com.au

More information about the plug mailing list