[clug] OT: Passwords to verify identity

Carlo Hamalainen carlo.hamalainen at gmail.com
Wed May 15 22:08:00 MDT 2013

On Thu, May 16, 2013 at 1:40 PM, Andrew Steele <fozzy at zipworld.org> wrote:

> Turns out their passwords are all stored in plain text so they can use them
> to verify identity.  I've suggested this is a bit of a security weakness
> and I was told it wasn't.

I hope you use something like KeePassX to generate long passwords.

> I can accept an organisation's need to verify my identity, but do people
> think this is an appropriate way to implement it?

Submit them to Plain Text Offenders: http://plaintextoffenders.com/about/

Carlo Hamalainen

More information about the linux mailing list