[plug] ISPs storing plain-text passwords...

Evan Lau evanlau at tartarus.uwa.edu.au
Thu Aug 9 09:18:24 WST 2001


Hi guys,

Let us not trash individual ISPs on this list. Discussion of various
methods employed by ISPs is fine, and so is civil criticism or admiration
of those various methods....but I don't think we should trash them,
e.g. "ISP x uses plain text so it is less secure" but not "I hate ISP x
because it is dodgy and has more user base than my ISP" etc.

As with plain-text passwords....my particular ISP stores encrypted
passwords. When a person calls, if he/she needs to be identified, the
password is given over the phone by the person to the support staff, then
the staff member simply tries to log on to their shell account to
determine whether the password is right or not.

If a user forgets the password, he/she must identify themselves in some
way or other (through details obtained when first joining), then the staff
member resets the password.

Say what you may about giving staff members the ability to set user
passwords, but then again....we don't get very many (if any at all) calls from
anybody claiming they are anybody but themselves.

Cheers,
Evan



