Your Password is NOT Safe.

Our "pub" where you can post about things completely Off Topic or about non-silent PC issues.

Moderators: NeilBlanchard, Ralf Hutter, sthayashi, Lawrence Lee

Post Reply
*Lifetime Patron*
Posts: 5316
Joined: Sat Jan 18, 2003 2:19 pm
Location: St Louis (county) Missouri USA

Your Password is NOT Safe.

Post by Bluefront » Wed Jun 13, 2007 2:56 am

With some places anyway. You'd think by now that everyone would be schooled in password protection....not so. Example. My new ISP was connecting ok, but the EMail refused to work. I finally called their tech support from another location(not my home phone). I told the guy my problem and my user name.....he asked me if my password was "XXXXX". I said yes and he fixed the problem which was at his end.

What he should have done was ask me for the password I registered. This didn't dawn on me till after the incident. Anybody could call these people with a similar story, and get another person's password.....all you'd need was the EMail address, and this same "tech" person to answer the phone. I guess you're never safe enough these days...... :x

Posts: 155
Joined: Tue Apr 08, 2003 2:02 pm

Post by kogi » Wed Jun 13, 2007 3:07 am

Thats a really bad system. I thought with all/most system. An administrator can't find out your password. Only reset it.


Posts: 105
Joined: Thu Apr 21, 2005 12:17 am
Location: Helsinki, Finland

Post by mellon » Wed Jun 13, 2007 5:01 am

Seconded. That kind of a setup means that anyone on the inside can access your email without you knowing. Probably the username/password -combination is also stored in plaintext somewhere on the server so when it gets compromised it is trivial for the attacker to get lots of good username/password information.

If at all possible, change to a better ISP. If they can't do basic password protection properly they'll screw up something else too.

Posts: 235
Joined: Tue Sep 20, 2005 5:21 am
Location: Soham, UK

Post by quikkie » Wed Jun 13, 2007 5:11 am

Having worked for a small scale ISP before (in 2000), if I wanted to read your email I'd just start a text editor on the mail server and start reading.

I've not yet come across an email server (either POP3 or SMTP) that encrypted it's message store. Although I am looking at a mail server currently (Zimbra) that uses a database backend as the message store, and I believe I'm right in thinking that the database is access controlled.

And I second the idea of shopping around for another ISP, that "system" in use is incredibly insecure and wide open to abuse.

Post Reply