Password Security
March 1st, 2013
I do not claim to be one of the great experts in password security. I know a thing or two about stupid passwords, as I had to reset people’s passwords occasionally when I worked for an ISP. Everyone wants a stupid password. That’s old news.
Today I had forgotten a password for a site I use. I used the forgotten password link and they emailed me a new password. All well and good. Like most email-based resets, they urge you to pick a new password upon logging in successfully. After all, they just sent an unencrypted email with the password in it. It’s not very secure. So, dutifully, I go to reset the password and find a single blank to enter it, which did not disguise the characters once they’d been entered (admittedly a bit silly). What does the site do then? Why, it emails you confirmation of the password change with your new password in a fresh and equally unencrypted email.
Which I think somewhat misses the point.


March 1st, 2013 at 10:06 am
This actually does make me wonder a bit. I’ve been using the same password for almost everything, and I know that’s not the safest thing to do. But I use s#Th9e5lE and that’s a pretty safe password. So is it really that problematic?
March 2nd, 2013 at 12:33 am
Oh Mark. You have made my weekend.