Sergey Gromov wrote:
Sun, 25 Jan 2009 13:51:28 -0800, Andrei Alexandrescu wrote:
Christopher Wright wrote:
Andrei Alexandrescu wrote:
Never ever *ever* EVER *EVER* email a password in clear. I'd say, if
anyone thinks she wants to do that, she doesn't deserve a server that
understands basic security concepts, even if one existed.
Andrei

This isn't terribly important if you're only considering one system that
does not require any significant amount of security.
However, people reuse passwords, and sometimes they'll use the same
password for sensitive and non-sensitive systems.

My point exactly. I do have one "insecure" password that I use e.g. with
mailing lists, and a "secure" password. The worst that happened was that
some webmoron has set up a system that asked me to choose a password via
an https protocol, to then email it to me in clear... When I tried to
casually explain the mistake of his ways, he got all combative.

All my passwords are generated, and different. When I acquire a
password for a sensitive resource I make sure to change it to generated
as soon as possible.

Now what password do you use for the file you keep all your passwords
in? :o)
Andrei