Password validation security issue

Chris Angelico rosuav at gmail.com
Sun Mar 2 21:32:16 CET 2014


On Mon, Mar 3, 2014 at 7:01 AM, Roy Smith <roy at panix.com> wrote:
> We recently got a frothing email from a user, which basically said, "You
> farking idiots, you emailed me my password in plain text!"  It turns
> out, his user name was the same as his password and what we had sent him
> (in response to an account recovery query) was his username.

Sadly, there *are* systems that will actually email passwords in plain
text, and don't tell you so beforehand (Mailman at least tells you
that the password isn't meant for security). I met one recently. Did
not appreciate that. Fortunately when I changed my password, the new
password wasn't emailed back to me.

ChrisA



More information about the Python-list mailing list