[plug] Passwords and Liability
Matt Kemner
zombie at wasp.net.au
Sun Jan 28 00:28:57 WST 2001
On Sun, 28 Jan 2001, The Thought Assassin wrote:
> But if someone else impersonates me, it wasn't because they obtained my
> password from your filing cabinet.
Ahh, but you're assuming they get written down on paper
That's another kettle of fish altogether.
The only place passwords should get stored is on the system, and my
argument is that it makes no difference if the ISP knows the customer's
password or not, in terms of security and liability, providing the
customer doesn't use that same password for other, important things (like
their share trading account for example) - but that would be their own
fault.
- Matt
"God. Root. What is difference?" - Pitr, www.userfriendly.org
More information about the plug
mailing list