plain text password
opinali at gmail.com
Mon Jul 26 05:10:38 PDT 2010
Well, the encryption secures one link in the chain but not every one.
What if I'm reading my email when some coworker comes by? What if
hackers break into my mail server or (more likely) my home PC?

Cleartext passwords are _always_ wrong, in _any_ circumstance,
including explicit request by the user (that's why any current
security system has a mechanism to authenticate the user by secondary
evidence like access to his email, and reset his password without
disclosing a claimed-as-forgotten password).

2010/7/26 Florian Weimer <fweimer at bfk.de>:
> * David Stibbe:
>> How come that a mailing list for developers sends me a confirmation
>> email containing the password for my account, chosen by myself, in
>> plain text?
> Huh? If you actually sniffed on the wire, you'd have noticed that it
> was encrypted.
> Florian Weimer <fweimer at bfk.de>
> BFK edv-consulting GmbH http://www.bfk.de/
> Kriegsstraße 100 tel: +49-721-96201-1
> D-76133 Karlsruhe fax: +49-721-96201-99
More information about the lambda-dev
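
The reset mechanism described in the message above (prove access to the mailbox, then replace the password without ever disclosing the old one), as an added example that is not part of the original post or of the list software's code. The `Accounts` class, its method names and the 15-minute token lifetime are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

RESET_TTL = 900  # seconds; assumed lifetime of a reset token

class Accounts:
    """In-memory account store that never keeps a recoverable password."""
    def __init__(self):
        self.users = {}    # email -> (salt, scrypt hash)
        self.resets = {}   # sha256(token) -> (email, expiry)

    @staticmethod
    def _kdf(password, salt):
        return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

    def set_password(self, email, password):
        salt = secrets.token_bytes(16)
        self.users[email] = (salt, self._kdf(password, salt))

    def verify(self, email, password):
        # Unknown users still cost one KDF run and always compare unequal.
        salt, stored = self.users.get(email, (b"\0" * 16, b""))
        return hmac.compare_digest(self._kdf(password, salt), stored)

    def confirmation_mail(self, email):
        # Nothing secret to include: the server cannot recover the password.
        return f"To: {email}\n\nYour subscription is confirmed."

    def start_reset(self, email, now=None):
        """Return the one-time token to mail out; only its hash is stored."""
        if email not in self.users:
            return None
        token = secrets.token_urlsafe(32)
        expiry = (now if now is not None else time.time()) + RESET_TTL
        self.resets[hashlib.sha256(token.encode()).digest()] = (email, expiry)
        return token

    def finish_reset(self, token, new_password, now=None):
        """Consume the token (single use) and set a new password."""
        entry = self.resets.pop(hashlib.sha256(token.encode()).digest(), None)
        now = now if now is not None else time.time()
        if entry is None or now > entry[1]:
            return False
        self.set_password(entry[0], new_password)
        return True
```

Because only the hash of the reset token is stored, a leak of the server's data yields neither passwords nor usable reset links.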