Re: Passwords in the clear update

noah_mendelsohn@us.ibm.com wrote:
> Jonathan Rees suggests:
> 
>> "Good practice: Clear text passwords are a serious security risk. 
>> Transmit passwords in the clear only in applications that do not 
>> require any assurance of security."
> 
> I'm sympathetic to your attempt to come up with something, but I think 
> this misses an important nuance that is mentioned in the draft minutes of 
> our meetings.  As I understand it, one concern is with the risk that 
> novices will use the same password for multiple applications.  So, you 
> deploy the "birthday party registration application" for your child, and 
> decide that pwds in the clear are just fine for that.  Unbeknownst to you, 
> those registering for the birthday party use the same password as for 
> their bank account.  Nefarious network sniffers pick up the pwd from the 
> birthday login, and use it to empty the bank account.
> 

Previously I thought cleartext passwords were sometimes OK along the 
lines you suggest, but you've  now convinced me otherwise. I now think 
the only reasonable answer is that clear text passwords are never 
acceptable. Full stop. Any suggestion that they might be acceptable in 
some circumstances is irresponsible. We need to bite the bullet and 
accept that.

> "Good practice: Clear text passwords are a serious security risk. Transmit 
> passwords in the clear only in applications that do not 
> require any assurance of security, and when users are aware of the risks."

Don't we know by now that all users are never aware of the risks? Let's 
stop trying to put lipstick on this pig. Cleartext passwords don't work. 
  They are dangerous and we need to deprecate them.

-- 
Elliotte Rusty Harold  elharo@metalab.unc.edu
Refactoring HTML Just Published!
http://www.amazon.com/exec/obidos/ISBN=0321503635/ref=nosim/cafeaulaitA

Received on Thursday, 9 October 2008 15:14:24 UTC