Comments on: Password security on popular sites

By: Cd-MaN

Cd-MaN — Fri, 03 Apr 2009 06:01:02 +0000

Biometry by itself is not better than passwords. In fact they are worse: they can not be changed.

By: Anonymous

Anonymous — Fri, 03 Apr 2009 05:56:34 +0000

Much has been discussed about Identity Theft, user ID’s and Passwords stolen or hacked, credit cards being used without the owners knowledge and so on. Now there is a safe way of protecting your passwords and identity online from being copied, stolen and hacked by keyboard trojans, using your biometric fingerprint and face recognition, and even voice, to log on to web sites. By simply scanning your finger or face or voice you can log on to a web site, log on to your computer, and even encrypt files and folders. No more worrying about who might hack into your online accounts or even your email. No more remembering passwords or using the same passwords on many sites. This is an exciting new innovation from myBiodentity and they have about fourteen products that are enabled with biometrics including email encryption, password manager, virtual disk, and many more. You can read more at http://www.mybiodentity.com

By: Anonymous

Anonymous — Thu, 28 Sep 2006 15:53:26 +0000

Stating password fields that only allow characters a-z, A-Z and 0-9 must mean they are stored in clear text in the database, is really stretching it I think.

There maybe other considerations. Maybe they are trying to prevent forms of injection attacks, by limiting types of characters that can be inputted???

I have never signed up for digg or blogger, but the obvious way to find out if they are storing their passwords in clear text is to check out the password recovery options. If they send out the original password in an email then they are storing it in clear text.

One of the more important items regarding the input of passwords is to use ssl. What’s the point in storing passwords as salted hashes, or utilising other security methods, if it’s not sent over ssl in the first place.