[plug] ISPs storing plain-text passwords...
Carol Butler
misprint at bizzpro.com.au
Mon Aug 6 22:45:18 WST 2001
>
Well... my isp seems to have a decent setup... they are running a system where
if multiple logons of one user are detected by the system then it kicks all of
them and sends an email to the client informing them to contact them and that
there is a possible security problem. This has happened to me once before and it
is not a problem for me as it's easy to change a password.
I do not feel that the passwords should be kept in plaintext format anywhere
unless it is a stand alone machine and even hen it should not be plaintext. They
should at least be encrypted.
The only problem is... we cannot really do anything about it.
More information about the plug
mailing list