Boycott websites that send you email with your password in clear text (imsaar.posterous.com)
Incredibly ignorant statement. If it's encrypted in a reversible format then it's not cleartext. If it's being sent in a confirmation email, then it could even be stored as a one-way hash: password extracted from the form, inserted into email, hashed and stored (This is what WordPress, for example, does).
A case can be made against both of those procedures, but that is a separate issue from his statement being ignorant.
It's not foolproof, but for stupid free websites (that's what we're talking about right?), storing encrypted passwords isn't an automatic gimme for the attacker.
Besides, what is the utility of sending such an email? If certain software is open source and I can assure myself that they are doing the right thing, I will be much more comfortable.
1. I didn't use to do this, but I got so many requests that I eventually caved. 2. No money changes hands on the site.
For example, for HN, you can use:
orycPASSWORDy
[2 last letters][2 first letters][master password][1 first letter]
It's a good idea to mix numbers into the master password for added security. So for HN it can be: orycpassword1y
The good thing is that you only need to remember a single password for all your sites, yet they are all different. And if you ever forget a password, you can figure out what it was by simply looking at the url.
Password schemes like this are still inherently breakable; as soon as someone gets your key password then the rest is trivial to figure out - so why bother with the complication?
Plus, what do you do when you aren't using your own computer? Want to check your email at work? Nope, sorry, gotta provide the 25-digit randomly generated password.
Nothing is unbreakable; if someone wants your password, they'll get it. For the password generator case they can just break into your house and steal your computer. Or organize a group of mercenaries to take hostages at AT&T to gain access to your packets... hey, we are talking about a nemesis, right?
And here is an added bonus: how do you know that random password generator app isn't sending all your passwords to a master file? Whoa, did I just blow your mind?
Different passwords are all you need for protection. That way, if the company loses your username/password, the bots that will be using that information to check the passwords on other sites won't get a hit.
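The URL-derived scheme described a few comments up ([2 last letters][2 first letters][master password][1 first letter]) and the objection that one leaked password gives away the rest, as an added example that is not part of the original thread. Assumptions: the "site" is the second-to-last DNS label of the host (so "ycombinator" for news.ycombinator.com), and the function and variable names are mine.

```python
from urllib.parse import urlparse


def site_label(url: str) -> str:
    """Second-to-last DNS label of the host, e.g. 'ycombinator' for news.ycombinator.com.

    Assumption: this is what the commenter means by the site's name. It is wrong
    for two-part public suffixes such as bbc.co.uk (returns 'co'), which is one
    more reason the scheme is fragile.
    """
    if "://" not in url:
        url = "https://" + url
    host = urlparse(url).hostname or ""
    labels = [part for part in host.split(".") if part]
    if len(labels) < 2:
        raise ValueError(f"no registrable label in {url!r}")
    return labels[-2]


def derive_password(url: str, master: str) -> str:
    """[2 last letters][2 first letters][master password][1 first letter]."""
    label = site_label(url)
    if len(label) < 2:
        raise ValueError(f"label {label!r} is too short for the scheme")
    return label[-2:] + label[:2] + master + label[0]


def recover_master(url: str, leaked_password: str) -> str:
    """The attack in the reply: given one site's leaked password, peel off the
    site-derived prefix and suffix and the master password falls out."""
    label = site_label(url)
    prefix = label[-2:] + label[:2]
    suffix = label[0]
    if not (leaked_password.startswith(prefix)
            and leaked_password.endswith(suffix)
            and len(leaked_password) > len(prefix) + len(suffix)):
        raise ValueError("leaked password does not fit the scheme for this site")
    return leaked_password[len(prefix):-len(suffix)]


if __name__ == "__main__":
    # Constructed inputs: the HN example from the thread and a hypothetical second site.
    hn = "https://news.ycombinator.com/"
    print(derive_password(hn, "PASSWORD"))          # orycPASSWORDy, as in the thread
    master = recover_master(hn, derive_password(hn, "PASSWORD"))
    print(derive_password("https://www.example.com/login", master))  # every other site now follows
```

Two calls are enough to show why the reply calls the scheme breakable: `recover_master` needs only one leaked password and the site it came from, after which `derive_password` reproduces every other account's password with no guessing at all.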
Boycott might be too strong of a word. I just want to bring attention to the point that the user community cares about security and that this is not a good practice.
http://www.techconsumer.com/2008/02/11/bad-form-companies-st...
Thank you tomfakes for the comment.
That'll go down real well with them. I think I'll skip this one.
Although there are better ways to set up an account, and maybe Google Apps should force the user to change their password on their first login, this is not the same as me setting up my own account and getting an email with my own password that I just typed twice to register.
Not sure what the difference is that made people care about this but not that, but I'm open to enlightenment.
Your post looks pretty relevant, related and good. I have voted it up if that helps.
I don't even want to get into the rat-trap of "what kinds" of attackers are stopped by reversibly encrypted passwords. There's no kind of attacker that can reverse a properly hashed password, and so that's what you should use.
I'm sure there are exceptions to this rule, but we shouldn't encourage a design that has the potential to hurt users (if the database + password encryption key are compromised), when the solution (seeded hashing) takes just about the same amount of work (probably less).
a. (On not having access to your passwords.) An iPhone with them on it helps. (Yes, I have to unlock that db with my hashing password.) But in reality, I prefer that I can't get access to my email/Facebook/whatever without having my machine. If I'm at work, I should be working... but it's the same machine anyhow ;)
b. True about stealing my machine. But again, my passwords are locked by my one key control password (which I don't easily remember either... yay for muscle memory ;)). Yes, it's a SPoF.
c. I clarified with Little Snitch. I don't really care that much. Because you're right: if one company screws you over and unveils your passwords, then a scenario where people could log into your email or bank means the end of your identity and a life of credit hell.
I just think that having a predictable password scheme is about the same as having the same password. If it's easy to guess, then you may as well have the same. IMHO, the only way to guarantee against any problems if one of your passwords is exposed is to go random. :)