14th November 2013
Carpetsmoker
Real Name: Martin
Tcpdump Spy
 
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243

It could be worse. A large Dutch telecom (KPN) once claimed their passwords were encrypted with UTF-8 :-)

I've once had my password read to me over the phone by someone checking some basic information (name, email, address, and apparently also password)... The (repeated) attempts to actually pronounce my random passwords were quite amusing.

A few months ago, there was quite some hubbub in the Netherlands because a journalist had `hacked' a medical system because a patient had overheard a password.

The point is, whenever you use a password, *anywhere*, it's best to always assume your password is public.
Just storing the passwords securely is no guarantee. I could, for example, easily modify the code for these forums to email me your password when you log in.

The best thing you can do is:
1) Use a password manager & unique passwords
2) *Always* use a password manager & unique passwords!

This won't actually stop misuse, but it would certainly limit the scope of misuse.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.