- From: Pat Hayes <phayes@ihmc.us>
- Date: Thu, 9 Oct 2008 13:39:00 -0500
- To: elharo@metalab.unc.edu
- Cc: noah_mendelsohn@us.ibm.com, Jonathan Rees <jar@creativecommons.org>, David Orchard <orchard@pacificspirit.com>, "www-tag@w3.org" <www-tag@w3.org>
On Oct 9, 2008, at 10:13 AM, Elliotte Harold wrote: > > noah_mendelsohn@us.ibm.com wrote: >> Jonathan Rees suggests: >>> "Good practice: Clear text passwords are a serious security risk. >>> Transmit passwords in the clear only in applications that do not >>> require any assurance of security." >> I'm sympathetic to your attempt to come up with something, but I >> think this misses an important nuance that is mentioned in the >> draft minutes of our meetings. As I understand it, one concern is >> with the risk that novices will use the same password for multiple >> applications. So, you deploy the "birthday party registration >> application" for your child, and decide that pwds in the clear are >> just fine for that. Unbeknownst to you, those registering for the >> birthday party use the same password as for their bank account. >> Nefarious network sniffers pick up the pwd from the birthday login, >> and use it to empty the bank account. > > Previously I thought cleartext passwords were sometimes OK along the > lines you suggest, but you've now convinced me otherwise. I now > think the only reasonable answer is that clear text passwords are > never acceptable. Full stop. Any suggestion that they might be > acceptable in some circumstances is irresponsible. We need to bite > the bullet and accept that. > >> "Good practice: Clear text passwords are a serious security risk. >> Transmit passwords in the clear only in applications that do not >> require any assurance of security, and when users are aware of the >> risks." > > Don't we know by now that all users are never aware of the risks? > Let's stop trying to put lipstick on this pig. Cleartext passwords > don't work. They are dangerous and we need to deprecate them. Cleartext passwords may be dangerous, but the certainly WORK. Do they endanger anyone other than the owner of the password? If not, I suggest that anything beyond giving a clear warning is inappropriate. If people take risks when cognizant of them, as they undoubtedly will, then may their gods go with them, but its not the Web's (or anyone else's) responsibility to protect the entire planet from risky behavior. I myself live a risky life in this regard, and I am quite happy to accept the risks in return for the life-enhancing convenience of not having to remember 150 different passwords. I would take up arms to resist any world-wide imposition of a global safety belt that makes my life harder than it is, and to hell with your or anyone else's notions of Web safety. As Bessie Smith said: if I should take a notion to walk into the ocean, 'tain't nobody's business if I do. Pat Hayes ------------------------------------------------------------ IHMC (850)434 8903 or (650)494 3973 40 South Alcaniz St. (850)202 4416 office Pensacola (850)202 4440 fax FL 32502 (850)291 0667 mobile phayesAT-SIGNihmc.us http://www.ihmc.us/users/phayes
Received on Thursday, 9 October 2008 18:39:58 UTC