Your Password is NOT Safe.

Bluefront
*Lifetime Patron*
Posts: 5316
Joined: Sat Jan 18, 2003 2:19 pm
Location: St Louis (county) Missouri USA

Post by Bluefront » Wed Jun 13, 2007 2:56 am

With some places anyway. You'd think by now that everyone would be schooled in password protection....not so. Example. My new ISP was connecting ok, but the EMail refused to work. I finally called their tech support from another location (not my home phone). I told the guy my problem and my user name.....he asked me if my password was "XXXXX". I said yes and he fixed the problem which was at his end.

What he should have done was ask me for the password I registered. This didn't dawn on me till after the incident. Anybody could call these people with a similar story, and get another person's password.....all you'd need was the EMail address, and this same "tech" person to answer the phone. I guess you're never safe enough these days...... :x

kogi
Posts: 155
Joined: Tue Apr 08, 2003 2:02 pm
Location: sydney.au

Post by kogi » Wed Jun 13, 2007 3:07 am

That's a really bad system. I thought with all/most systems, an administrator can't find out your password, only reset it.

kogi

mellon
Posts: 105
Joined: Thu Apr 21, 2005 12:17 am
Location: Helsinki, Finland

Post by mellon » Wed Jun 13, 2007 5:01 am

Seconded. That kind of a setup means that anyone on the inside can access your email without you knowing. Probably the username/password combination is also stored in plaintext somewhere on the server, so when it gets compromised it is trivial for the attacker to get lots of good username/password information.

If at all possible, change to a better ISP. If they can't do basic password protection properly they'll screw up something else too.
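The storage model the replies above describe (an administrator can reset a password but never read it), as an added Python example that is not part of the original thread or any ISP's actual code. The `AccountStore` class, its method names and the scrypt cost parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# scrypt cost parameters (assumed values for this sketch)
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def _derive(password: str, salt: bytes) -> bytes:
    """Derive a 32-byte verifier from the password; the password itself is never stored."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


class AccountStore:
    """Hypothetical account store: keeps (salt, hash) per user, never plaintext."""

    def __init__(self):
        self._records = {}  # username -> (salt, digest)

    def set_password(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)  # fresh random salt on every change
        self._records[user] = (salt, _derive(password, salt))

    def verify(self, user: str, password: str) -> bool:
        record = self._records.get(user)
        if record is None:
            _derive(password, b"\x00" * 16)  # do the same work for unknown users
            return False
        salt, digest = record
        return hmac.compare_digest(digest, _derive(password, salt))

    def support_view(self, user: str) -> dict:
        """Everything a support tool can display: there is no password to read out."""
        return {"user": user, "has_password": user in self._records}

    def support_reset(self, user: str) -> str:
        """The only password action open to staff: replace it with a random temporary one.
        The temporary value is meant to reach the customer through a registered channel."""
        if user not in self._records:
            raise KeyError(user)
        temporary = secrets.token_urlsafe(12)
        self.set_password(user, temporary)
        return temporary
```

With this layout a support agent cannot read a password back to a caller, and a copy of the stored records yields salts and hashes rather than reusable credentials.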

quikkie
Posts: 235
Joined: Tue Sep 20, 2005 5:21 am
Location: Soham, UK

Post by quikkie » Wed Jun 13, 2007 5:11 am

Having worked for a small scale ISP before (in 2000), if I wanted to read your email I'd just start a text editor on the mail server and start reading.

I've not yet come across an email server (either POP3 or SMTP) that encrypted its message store. Although I am looking at a mail server currently (Zimbra) that uses a database backend as the message store, and I believe I'm right in thinking that the database is access controlled.

And I second the idea of shopping around for another ISP, that "system" in use is incredibly insecure and wide open to abuse.
