[plug] ISPs storing plain-text passwords...
Nigel Duff
peregrin at iinet.net.au
Mon Aug 6 23:31:35 WST 2001
On Mon, Aug 06, 2001 at 10:51:12PM +0800, Kim Covil wrote:
> > The trouble is the password is the easiest way to verify the caller is who
> > they say they are. You could use caller ID if they had it turned on, but
> > what happens if there are more than one account in the same household.
> > You could use the last 6 digits of their credit card (if thats what they
> > used for payment), but I'd be more worried about them having my CC
> > details than my password.
>
> They usually have your credit card details anyway... there are a number
Personally i would be a lot more worried about someone having my CC
details than my password. There isn't really a lot someone can do with
your password, and its fairly easy to track down what they've been
doing. But with my CC details, thats going to cost me money.
> of different bits of information that could be used for phone
> verification... I don't think giving someone my account password over
> the phone should be one of them... If they want a phone-verification
> Pass-word then they should ask for one as video-stores do... At least
> then the damage is limited to the one account at the ISP...
Ahh, but you were just saying people find it hard to remember their
password. Now you want them to have 2. :)
Nigel
More information about the plug
mailing list