[plug] ISPs storing plain-text passwords...

Christian christian at amnet.net.au
Tue Aug 7 11:53:50 WST 2001


On Mon, Aug 06, 2001 at 11:31:35PM +0800, Nigel Duff wrote:
 
> Personally I would be a lot more worried about someone having my CC
> details than my password. There isn't really a lot someone can do with
> your password, and it's fairly easy to track down what they've been
> doing. But with my CC details, that's going to cost me money.

The $50 limit of liability here makes it reasonably safe, assuming under
the Electronic Banking conditions you are liable at all.  You seem to
think that someone having access to your Internet account won't cost you
money?  Haven't you ever heard of people getting huge Internet bills
because someone has got hold of their password and is using their
account, using up their time/bandwidth quotas?  I don't think most ISPs
have a $50 limit on excess charges...

> > of different bits of information that could be used for phone
> > verification... I don't think giving someone my account password over
> > the phone should be one of them... If they want a phone-verification
> > Pass-word then they should ask for one as video-stores do... At least
> > then the damage is limited to the one account at the ISP...
> 
> Ahh, but you were just saying people find it hard to remember their
> password. Now you want them to have 2. :)

I suspect he wants them to have x unique passwords where x is the number
of "accounts" held.  If x goes over a certain number (probably around 5)
then some form of secure storage might be required to keep all of these
different passwords.

-- 
DSA 0x0EC1D28C: BBCB 0D79 4EBB 078A A066  7267 8BED E9D6 0EC1 D28C


