[plug] ISPs storing plain-text passwords...

Bret Busby bret at clearsol.iinet.net.au
Tue Aug 7 14:01:32 WST 2001


On Tue, 07 Aug 2001, Hook wrote:
> Kim Covil wrote :
> > 3) There is no reason for a support person to need to use my password
> > for any problem... as support users they should be able to modify my
> > account directly without seeing my password...
> 
> At iinet user passwords are used primarily to help identify the person on
> the phone. If I call iinet support and claim to be you, they'll ask me for
> the password. You'll know it, I won't. How else can the owner of an account
> be identified?
> 

By date of birth? Mother's maiden name? Why not use something like that? 

Other, more secure institutions use them, or, similar identifiers.

Bret Busby
..............



More information about the plug mailing list