Regarding password management

On May 2, 2014, at 10:43 AM, Eric Mill <eric@konklone.com> wrote:

> Why aren't you able to share this information?

Hi Eric,

Thanks for writing to us. 

It is not our understanding that it is industry good practice to share details about password management. 

However, if you are aware of good practices in this area that you'd like to refer us to, we'd welcome the pointers. Thanks!

Ian


> 
> 
> On Thu, May 1, 2014 at 5:16 PM, Jérémie Astori <jeremie@w3.org> wrote:
> Hi Eric,
> 
> I am sorry but I am not able to share this information.
> 
> Regards,
> 
> Jérémie
> 
> 
> On 29/04/14 11:35, Eric Mill wrote:
> Please respond, here or publicly, with the password encryption and salting
> methods that were in place for the passwords which were improperly accessed.
> 
> You need to give affected users the ability to gauge the severity of the
> breach, and their course of action in response.
> 
> -- Eric
> 

--
Ian Jacobs <ij@w3.org>      http://www.w3.org/People/Jacobs
Tel:                       +1 718 260 9447

Received on Friday, 2 May 2014 17:37:45 UTC