danger in double use of passwords
Most reputable password-protected installations, including the network of PCs on which I log in every day to work, shuffle the password for storage, and shuffle input passwords to compare with the stored shuffled password. Someone who forgets his password gets issued with a new one – which, normally, has to be changed on first use.
Today I came to a website I had not logged on to for months. I had forgotten my password, so I asked for an updating email. I got one very quickly: it showed the same password I had been using for my local network. Obviously I had used the same password twice (some I use in more than 2 places, though usually with slight variants…), assuming the usual shuffling practice; equally obviously this site (evisions, for those who want to know) stores passwords in clear. That does not mean they are visible to all the world, but it reduces confidence.
What other installations store passwords in clear?
I have, of course, changed my network password.
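
The store-and-compare scheme and the reset-by-reissue flow described in the post above, as an added example that is not part of the original post. It assumes a salted scrypt hash stands in for the "shuffling"; the function names, the dict used as a database and the sample passwords are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# scrypt cost parameters: assumptions for this sketch, tune for your hardware.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)


def make_record(password: str, must_change: bool = False) -> dict:
    """Build what the server stores: salt + derived key, never the password."""
    salt = secrets.token_bytes(16)
    key = hashlib.scrypt(password.encode("utf-8"), salt=salt, **SCRYPT)
    return {"salt": salt, "key": key, "must_change": must_change}


def verify(record: dict, attempt: str) -> bool:
    """Re-derive from the login attempt and compare in constant time."""
    key = hashlib.scrypt(attempt.encode("utf-8"), salt=record["salt"], **SCRYPT)
    return hmac.compare_digest(key, record["key"])


def reset(db: dict, user: str) -> str:
    """Forgotten password: the old one cannot be recovered from the record,
    so issue a random temporary one that has to be changed on first use."""
    temporary = secrets.token_urlsafe(12)
    db[user] = make_record(temporary, must_change=True)
    return temporary  # mailed once; the server keeps only salt + key


def change_password(db: dict, user: str, current: str, new: str) -> bool:
    """Replace the record only if the current password verifies."""
    if not verify(db[user], current):
        return False
    db[user] = make_record(new)  # must_change defaults back to False
    return True


def demo() -> dict:
    db = {"alice": make_record("constructed-sample-pw")}  # constructed sample
    first_login = verify(db["alice"], "constructed-sample-pw")
    temporary = reset(db, "alice")
    return {
        "first_login": first_login,
        "old_rejected_after_reset": not verify(db["alice"], "constructed-sample-pw"),
        "temporary_accepted": verify(db["alice"], temporary),
        "must_change": db["alice"]["must_change"],
        "changed": change_password(db, "alice", temporary, "another-sample-pw"),
        "flag_cleared": not db["alice"]["must_change"],
    }
```

A site built this way has nothing to put in a reminder email except a fresh temporary password, which is why receiving the original password back shows it was stored in clear or reversibly.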