More disturbing is the way password recovery works on some of these sites. At least half the time, when I get the (unencrypted) recovery e-mail, my password is right there in the message, in plain text. That means the site is storing all those passwords in plain text in a database -- one that's being backed up somewhere and is probably readable by a significant number of admins and possibly anyone who happens to snag a backup tape. It's a catastrophe waiting to happen.I agree - and I am sure most of you do also - that this is catastrophes waiting to happen and many have already happened! The problem is so much is now tied to our identities that it is nearly impossible to protect ourselves effectively. I once asked a lady in front of me at the grocery store why she wrote a check rather than use a debit/credit card to pay for her purchases and she responded with "I've never had my identity stolen via a check". Good point lady.
Technorati Tags:
security, identity management
No comments:
Post a Comment