Passwords over email

Khannie · 08-08-2013 11:18AM #1

It really bugs me when you sign up to something and get sent the password by email. That password is now compromised (IMO anyway).

I just signed up to the OWASP Ireland mailing list and they sent me the password I used to sign up. Don't do that! A security mailing list that emails me my password in plaintext? COME ON PEOPLE!

For people (not me, thankfully) who reuse the same password over and over it could lead to a very bad time.

Rant over.

timmywex · 08-08-2013 04:57PM

Khannie wrote: »

It really bugs me when you sign up to something and get sent the password by email. That password is now compromised (IMO anyway).

I just signed up to the OWASP Ireland mailing list and they sent me the password I used to sign up. Don't do that! A security mailing list that emails me my password in plaintext? COME ON PEOPLE!

For people (not me, thankfully) who reuse the same password over and over it could lead to a very bad time.

Rant over.

Id forgot OWASP do that...very poor really

Dum_Dum · 08-08-2013 09:43PM

Mailman list passwords are not strictly required and are regarded as 'throwaway'.

moc moc a moc · 08-08-2013 10:17PM

Don't forget that this probably means that they are also storing passwords in plaintext! You should bring this to their attention directly - particularly shameful given the 'security' prentences of the OWASP folks.

With all the high-profile password DB hacks we've had in recent years, you'd think people would learn...

Passwords over email

Comments