Discussions

danger in double use of passwords

Tags: Cloud, Security
+
0 Votes

danger in double use of passwords

john.a.wills
Most reputable password-protected installations, including the network of PCs on which I log in every day to work, shuffle the password for storage, and shuffle input passwords to compare with the stored shuffled password. Someone who forgets his password gets issued with a new one - which, normally, has to be changed on first use.

Today I came to a website I had not logged on to for months. I had forgotten my password, so I asked for an updating email. I got one very quickly: it showed the same password I had been using for my local network. Obviously I had used the same password twice (some I use in more than 2 places, though usually with slight variants...), assuming the usual shuffling practice; equally obviously this site (evisions, for those who want to know) stores passwords in clear. That does not mean they are visible to all the world, but it reduces confidence.

What other installations store passwords in clear?

I have, of course, changed my network password.

Member Comments

    +
    0 Votes
    Collapse -

    Anyhow last reports I read say it stores passwords in clear text.

    +
    0 Votes
    tcavadias Staff
    Collapse -

    Hadn't realized Google Chrome does that... does make you wonder just how many out there do this, which leads to less confidence from the part of the user.

    +
    0 Votes
    Collapse -

    however, they are not the only one! Firefox did as well. Though Firefox offers to use a master password and encryption. Read this...
    http://www.itnews.com.au/News/352619,chrome-firefox-store-saved-passwords-in-plain-text.aspx

    and this
    http://www.theguardian.com/technology/2013/aug/07/google-chrome-password-security-flaw

    I've been using Opera for 15 years or more, but even in Opera I don't use the password manager that is built in. Haven't studied the latest chromium/blink based Opera to see if it inherits this behaviour, the versions I use store them encrypted supposedly, with a master password. I still use, are you ready for this...ZDNet's Password Pro, hehe! On my Windows PCs anyhow!
    It never ceases to amaze me what people give up in the name of convenience!
    Wiz

    +
    0 Votes
    Simply_Michael
    Collapse -

    Yes you are right, it means at this point of website the security concern is low. we should aware of that thank you.

    +
    0 Votes
    T9RKELL
    Collapse -

    I have begun using 2 factor authorization on my Google account. I feel safer now but of course it's a bit of frustration if phone is not in the pocket.