[security flaw] Ubuntu is a plain text offender
Kent Borg
kentborg at borg.org
Mon May 23 15:35:38 UTC 2011
compdoc wrote:
> It does bother me when a mailing list or member website sends my passwords
> to me in plaintext telling me not to forget to log in. That's just wrong.
And it should bother you, but sites are constantly doing things far
scarier than e-mailing a password the right person (such as letting
actual criminals get a copy). You should be far more bothered by the
password reuse that makes every breach have possibly unbounded consequences.
Even if a site does a password reset and e-mails a temporary password,
that is also a risk. E-mailing the original password is only worse if it
is used elsewhere.
Don't reuse passwords.
-kb
More information about the ubuntu-users
mailing list