smb at cs.columbia.edu
Mon Sep 12 23:27:03 BST 2011
On Sep 1, 2011, at 8:03 18AM, R J Cronk wrote:
> Does anyone else find it ironic that the service this lists uses stores passwords in plaintext?
While it would be better if the web form used https, I regard the plaintext password as commensurate with the value of the resource being protected -- this is hardly a secret list with high-value, restricted content. As someone else noted, leave it out when you sign up; if you ever need it, it will be emailed to you in the clear.
--Steve Bellovin, https://www.cs.columbia.edu/~smb
More information about the PET