March 1st, 2013

I do not claim to be one of the great experts in password security. I know a thing or two about stupid passwords, as I had to reset people’s passwords occasionally when I worked for an ISP. Everyone wants a stupid password. That’s old news.

Today I had forgotten a password for a site I use. I used the forgotten password link and they emailed me a new password. All well and good. Like most email-based resets, they urge you to pick a new password upon logging in successfully. After all, they just sent an unencrypted email with the password in it. It’s not very secure. So, dutifully, I go to reset the password and find a single blank to enter it, which did not disguise the characters once they’d been entered (admittedly a bit silly). What does the site do then? Why, it emails you confirmation of the password change with your new password in a fresh and equally unencrypted email.

Which I think somewhat misses the point.
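The two flows side by side, the one the post describes and a token-based one that keeps the password out of email, as an added example that is not the site's code; the in-memory stores, the example.invalid link and the 15-minute token lifetime are assumptions:

```python
import hashlib, hmac, os, secrets, time

# Constructed in-memory stand-ins for the site's database and mail server (assumptions, not the site's code).
USERS = {}         # email -> {"salt": bytes, "hash": bytes}
RESET_TOKENS = {}  # sha256(token) -> (email, expires_at)
OUTBOX = []        # (recipient, subject, body): every email the site would send
TOKEN_TTL = 15 * 60  # seconds a reset link stays valid

def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def set_password(email, new_password):
    salt = os.urandom(16)
    USERS[email] = {"salt": salt, "hash": _hash_password(new_password, salt)}

def verify_password(email, password):
    rec = USERS.get(email)
    return rec is not None and hmac.compare_digest(rec["hash"], _hash_password(password, rec["salt"]))

# --- The flow in the post: the secret itself travels by email, twice. ---
def weak_reset(email):
    temp = secrets.token_urlsafe(8)
    set_password(email, temp)
    OUTBOX.append((email, "Your new password", f"Your password is now {temp}"))
    return temp

def weak_change(email, new_password):
    set_password(email, new_password)
    OUTBOX.append((email, "Password changed", f"Your password is now {new_password}"))

# --- Hardened flow: the email carries a single-use, expiring token; the password never does. ---
def request_reset(email, now=None):
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    RESET_TOKENS[hashlib.sha256(token.encode()).hexdigest()] = (email, now + TOKEN_TTL)
    OUTBOX.append((email, "Reset your password", f"https://example.invalid/reset?t={token}"))
    return token  # only the emailed link carries it; the store holds just its hash

def complete_reset(token, new_password, now=None):
    now = time.time() if now is None else now
    entry = RESET_TOKENS.pop(hashlib.sha256(token.encode()).hexdigest(), None)  # pop: one try only
    if entry is None or now > entry[1]:
        return False  # unknown, already used, or expired token
    set_password(entry[0], new_password)
    OUTBOX.append((entry[0], "Password changed", "Your password was just changed. If this was not you, contact support."))
    return True
```

Inspecting OUTBOX after each flow shows the difference: the weak flow leaves the current password in two emails, the token flow leaves it in none.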

2 Responses to “Password Security”

  1. Mark Says:

    This actually does make me wonder a bit. I’ve been using the same password for almost everything, and I know that’s not the safest thing to do. But I use s#Th9e5lE and that’s a pretty safe password. So is it really that problematic?

  2. Ian Macleod Says:

    Oh Mark. You have made my weekend.

