Anssi Saari <a...@sci.fi>: > "Frank Millman" <fr...@chagford.com> writes: >> To my surprise, they sent me my existing username *and* my existing >> password, all in clear text. > > I'd say it depends on what the password is actually used for. You seem > to indicate it's just so you can access the internet? To me it seems > abusing that password is hard to impossible since it's your fibre to > your home. If the password is used for access control for anything > then it's an awful practise.
The message to take home is that whenever you are faced with a password prompt, the recipient can do with the password whatever they want. You should assume the worst. The password will be stored in the clear and all employees of the recipient have free access to it. Also, there's a high likelihood that the credentials will leak outside the organization. Marko -- https://mail.python.org/mailman/listinfo/python-list
