[plug] ISPs storing plain-text passwords...

Brian Tombleson brian at paradigmit.com.au
Mon Aug 6 22:19:45 WST 2001


> However, if the support staff can be socially engineered to give a
stranger
> your password, they could probably be made to change your password by a
> stranger if no plain text passwords are not keep.

With the obvious and distinct difference in that in the former case you (the
rightful user) would not know that someone else is using your acocunt as
opposed to the latter case where you would be locked out and be able to
raise some alarm bells.

- Brian.




More information about the plug mailing list