[plug] ISPs storing plain-text passwords...

Kim Covil kimc at ned.dem.csiro.au
Mon Aug 6 20:27:43 WST 2001


> I'm sorry but I tend to differ. I worked at iiNet for 2 years, I could
> access anyone's password whenever I felt like it (including MM's). However
> in the 2 years I was there, there was NO abuse of this system. I like the
> idea of support staff being able to access a client's password, as it makes
> troubleshooting so much easier (perhaps a stint on a support desk might
> change your mind).
> All access to the accounting server was logged, and MM used to say anyone
> doing bad things would be not only dismissed but charged.
> 
> Personally I trust ISP staff (esp considering I was one of them) and as
> such have no issue with them seeing my password!

I suppose there are a number of issues here...

1) I should have been informed that my password was going to be visible
to people other than myself...

2) I should have been given the option to opt out of the system of
having my password visible...

3) There is no reason for a support person to need to use my password
for any problem... as support users they should be able to modify my
account directly without seeing my password...

4) The fact that a support person will be dismissed if they use my
password for doing bad things... does not stop them using my password...
In fact now they have my password and are disgruntled...

5) What is to stop a support person who leaves the ISP in good standing
from starting to use my password...?

6) Seeing someone's password gives you insights on how they construct
passwords... and that is if they haven't just gone and used the same
password elsewhere...

Cheers

Kim

-- 
====================================================================== 
Kim Covil - CSIRO Exploration & Mining  E-mail: kim.covil at dem.csiro.au
            PO Box 437, Nedlands,       Tel: +61 8 9284 8425    ,-_!\
            Western Australia  6009     Fax: +61 8 9389 1906   /     \
                                                               *_,-._/
=================================================================== v 
   Please direct all personal e-mail to kimbotha at covil.com.au
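
Added example, not part of the original post and not any ISP's actual code: a sketch of the arrangement point 3 above asks for, where support staff can view and reset an account without the password ever being readable. The class and method names are hypothetical, and the in-memory dicts stand in for an accounting database.

```python
import hashlib, hmac, secrets

class AccountStore:
    """Hypothetical account store: keeps salted PBKDF2 verifiers, never passwords."""
    ITERATIONS = 600_000  # assumption: PBKDF2-HMAC-SHA256 work factor

    def __init__(self):
        self._accounts = {}  # username -> (salt, verifier)
        self._resets = {}    # username -> SHA-256 of a one-time reset token
        self.audit = []      # (staff, action, username)

    def _derive(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.ITERATIONS)

    def set_password(self, username, password):
        salt = secrets.token_bytes(16)
        self._accounts[username] = (salt, self._derive(password, salt))
        self._resets.pop(username, None)  # any pending reset token is now void

    def verify(self, username, password):
        record = self._accounts.get(username)
        if record is None:
            return False
        salt, verifier = record
        return hmac.compare_digest(verifier, self._derive(password, salt))

    def support_view(self, staff, username):
        """Everything a support tool can show: opaque hex, no password."""
        self.audit.append((staff, "view", username))
        salt, verifier = self._accounts[username]
        return {"username": username, "salt": salt.hex(), "verifier": verifier.hex()}

    def support_start_reset(self, staff, username):
        """Staff trigger a reset; only a hash of the token is kept server-side."""
        token = secrets.token_urlsafe(24)
        self._resets[username] = hashlib.sha256(token.encode()).digest()
        self.audit.append((staff, "reset", username))
        return token  # assumption: sent out of band to the account owner

    def complete_reset(self, username, token, new_password):
        """The customer redeems the token once and picks a new password."""
        expected = self._resets.get(username)
        offered = hashlib.sha256(token.encode()).digest()
        if expected is None or not hmac.compare_digest(expected, offered):
            return False
        self.set_password(username, new_password)
        return True
```

With this layout a staff member who leaves takes no customer password with them, and the audit list records who looked at or reset which account.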


