DOH! Ekiga.net MAILS your password back to you

Make sure you don't pick a good password for ekiga.net -- they mail it back to you IN THE CLEAR in an e-mail message.

I'm so furious, I can't even begin to describe it. Did I miss fine print on their page saying they'd do something this stupid?

UPDATE: They also store your password in the clear on-disk. Check out ~/.gconf/apps/ekiga/protocols/%gconf.xml if you wanna see it in all of its cleartext glory!

Comments:

Hello.
I understand the first reaction is like this, I reacted like that too.

Well, if you do not get to enter a password when the application starts, what is the use of encrypting your configuration for the application?

You can't use an application password, as that will be there for an intruder to get. From the application or the file system.

I do agree that mailing a password feels stupid, but you should have different passwords for all applications on the net, shouldn't you?
And if you lose a password, you should create a new one, shouldn't you?
(Even if you use OpenID, but then the password is stored(?) with your OpenID provider, if you authorize with name/password pairs.)

Posted by Anders on February 08, 2010 at 10:55 PM EST #
