Topic: Concern about password security

Jack Christensen

#10
Aug 11, 2012, 08:41 pm Last Edit: Aug 11, 2012, 08:43 pm by Jack Christensen Reason: 1
Agree with the OP 110%. Any system that stores or mails passwords in cleartext is not secure. They should be stored encrypted, with a one-way algorithm so that the cleartext is never recoverable. If a password is forgotten, the only option should be to set a new one.

@AWOL, no consolation, but it's not so much about the moderators.
MCP79411/12 RTC ... "One Million Ohms" ATtiny kit ... available at http://www.tindie.com/stores/JChristensen/

James C4S

The concern is not that the password was transmitted via email.  The concern is that by being able to include the password in an email means it is not stored securely. 

If the passwords are salted but not hashed, it is effectively the same as storing them in plaintext.
Capacitor Expert By Day, Enginerd by night.  ||  Personal Blog: www.baldengineer.com  || Electronics Tutorials for Beginners:  www.addohms.com

Jack Christensen


Quote
The concern is not that the password was transmitted via email.  The concern is that by being able to include the password in an email means it is not stored securely.


Actually, I have an issue with both.

dxw00d

Quote
being able to include the password in an email means it is not stored securely.


That assumes the email is sent after being stored, which is not necessarily the case; it may be sent prior to storage. If you click the 'forgot password' link on the sign in screen, you are sent a link to reset your password; you are not re-sent the original.

AWOL

(I'm still wondering what "asshat" means. Isn't he the president of Syria?)
"Pete, it's a fool looks for logic in the chambers of the human heart." Ulysses Everett McGill.
Do not send technical questions via personal messaging - they will be ignored.