Christopher Wright wrote:
Andrei Alexandrescu wrote:
Never ever *ever* EVER *EVER* email a password in clear. I'd say, if
anyone thinks she wants to do that, she doesn't deserve a server that
understands basic security concepts, even if one existed.
Andrei
This isn't terribly important if you're only considering one system that
does not require any significant amount of security.
However, people reuse passwords, and sometimes they'll use the same
password for sensitive and non-sensitive systems.
My point exactly. I do have one "insecure" password that I use e.g. with
mailing lists, and a "secure" password. The worst that happened was that
some webmoron has set up a system that asked me to choose a password via
a https protocol, to then email it to me in clear... When I tried to
casually explain the mistake of his ways, he got all combative.
Andrei
