New draft TAG finding - Passwords in the Clear


A new draft TAG finding is available for review and comments:

    Passwords in the Clear


The purpose of this finding is to clarify the security concerns around
using passwords on the world wide web.  Specifically, the objective is
to point out a few conclusions the TAG has come to:
1) Passwords MUST NOT be transmitted in clear text.
2) Passwords MUST NOT be displayed on the HTML form in clear text.
The purpose of this paper is to explain these findings and give direction
around possible alternatives.

This will be discussed at the upcoming f2f meeting this week.
Comments on are welcome.

Vincent Quint                       INRIA Rhône-Alpes
INRIA                               ZIRST
e-mail:      655 avenue de l'Europe
Tel.: +33 4 76 61 53 62             Montbonnot
Fax:  +33 4 76 61 52 07             38334 Saint Ismier Cedex

Received on Monday, 2 October 2006 09:03:26 UTC