[plug] ISPs storing plain-text passwords...

Hook hooker at opera.iinet.net.au
Tue Aug 7 19:48:33 WST 2001


Bret Busby wrote ...


> On Tue, 07 Aug 2001, Hook wrote:
> > Kim Covil wrote :
> > > 3) There is no reason for a support person to need to use my password
> > > for any problem... as support users they should be able to modify my
> > > account directly without seeing my password...
> >
> > At iinet user passwords are used primarily to help identify the person on
> > the phone. If I call iinet support and claim to be you, they'll ask me for
> > the password. You'll know it, I won't. How else can the owner of an account
> > be identified?
> >
>
> By date of birth? Mother's maiden name? Why not use something like that?
>
> Other, more secure institutions use them, or, similar identifiers.

Having woken up a bit since that first comment of mine (6:30 wasn't the best
time today :-) ), I can only agree with you, Bret. If my bank is happy with
my mother's maiden name, my ISP could easily be.

The Hooker




