[plug] ISPs storing plain-text passwords...

Kim Covil kimc at ned.dem.csiro.au
Mon Aug 6 22:44:19 WST 2001


> Then don't use the same password.  All a password is is a key for you to
> identify yourself to a party, in this case your ISP.  You don't have any
> say in what they do with it beyond that and it shouldn't be trusted any
> more than who you're giving it to.  It would be nice if they could
> manage without storing a cleartext version but entrusting your own
> security to the hope that $organisation and its staff are
> ethical/competent is balmy.

I don't use the same password... but that still doesn't make me happy to
find out the password I do use is kept in plain-text for all the support
staff to look at when they please...

As I said before, it is hard enough for the general user to make up and
remember a single password... let alone a whole range of passwords NONE
OF WHICH SHARE ANYTHING IN COMMON... Most users will have some form of
system they use to remember all their passwords... allowing someone to
see just one password created by a user is enough to give a lot of
crackers a good head start on breaking all the other passwords the user
has...

Cheers

Kim

-- 
====================================================================== 
Kim Covil - CSIRO Exploration & Mining  E-mail: kim.covil at dem.csiro.au
            PO Box 437, Nedlands,       Tel: +61 8 9284 8425    ,-_!\
            Western Australia  6009     Fax: +61 8 9389 1906   /     \
                                                               *_,-._/
=================================================================== v 
   Please direct all personal e-mail to kimbotha at covil.com.au


