Sun, 25 Jan 2009 13:51:28 -0800, Andrei Alexandrescu wrote: > Christopher Wright wrote: >> Andrei Alexandrescu wrote: >>> Never ever *ever* EVER *EVER* email a password in clear. I'd say, if >>> anyone thinks she wants to do that, she doesn't deserve a server that >>> understands basic security concepts, even if one existed. >>> >>> Andrei >> >> This isn't terribly important if you're only considering one system that >> does not require any significant amount of security. >> >> However, people reuse passwords, and sometimes they'll use the same >> password for sensitive and non-sensitive systems. > > My point exactly. I do have one "insecure" password that I use e.g. with > mailing lists, and a "secure" password. The worst that happened was that > some webmoron has set up a system that asked me to choose a password via > a https protocol, to then email it to me in clear... When I tried to > casually explain the mistake of his ways, he got all combative.
All my passwords are generated, and different. When I acquire a password for a sensitive resource I make sure to change it to generated as soon as possible.
