Two security issues that everyone should be aware of. First, some context: I don't know about you, but I have so many username/password combinations that I tend to use the same one(s) for several purposes. Also, we have some expectation that when we type in a password, it's kept secret, and only checked by a program.
It's true that ethically written programs such as blog and forum software that are commonly available do not reveal users' passwords to the people running the software. But we should all be mindful that there is NO guarantee that this is going to be the case on an unscrupulous site. Register at a site with your email address, and use the same password as that email account, and you're totally asking for trouble. Don't assume that your password is kept secret just because it appears as "********" on your screen. Remember, getting access to your email account is key to getting more passwords, even if they're different, using the "forgot password" feature.
Secondly, be aware that even with ethically written software, if you type your password into the wrong place, it may become visible to the operators. I have been aware of an instance where a user entered his username and password, but failed to click correctly on the password field. It was listed as a failed login attempt, with "usernamepassword" as the user who had attempted the login. Obviously, since the username and password were typed concatenated into the username field, even the ethical software I was using showed me both the username and his password.
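One way login software can keep a mistyped password out of the operator's view of failed logins, as an added example that is not from the original post or from any particular blog or forum package. The account list, the logging key and the function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample data: the accounts this hypothetical site knows about.
KNOWN_USERS = {"alice", "bob"}
# Assumption: a per-deployment secret kept out of the log store.
LOG_KEY = b"constructed-demo-key"


def loggable_username(submitted: str) -> str:
    """Return what may safely be written to the failed-login log."""
    name = submitted.strip().lower()
    if name in KNOWN_USERS:
        # A real account name is not a secret; log it as-is.
        return name
    # Unknown input may be a username with the password typed after it.
    # Log only a keyed fingerprint, so repeated attempts can still be
    # correlated but the typed text is not shown to operators.
    digest = hmac.new(LOG_KEY, submitted.encode("utf-8"), hashlib.sha256)
    return "unknown:" + digest.hexdigest()[:12]


def failed_login_entry(submitted: str, source_ip: str) -> str:
    """Build the log line for a failed login attempt."""
    return f"failed login user={loggable_username(submitted)} ip={source_ip}"


if __name__ == "__main__":
    # Constructed inputs: a normal failure, then the slip described above.
    for typed in ("alice", "aliceS3cret!pw"):
        print(failed_login_entry(typed, "192.0.2.10"))
```

This only limits what operators of well-behaved software see by accident; it does nothing about a site that chooses to record what you type.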