Skip to main content

View Diary: Online data spying from a website developer's POV (41 comments)

Comment Preferences

  •  what ever happened to the double-blind password? (0+ / 0-)

    in which the user is forced to reset the password on first use, and said password stored in (theoretical) one-way hash?

    The simple fact that you know any customer's password is enough to allow the (reasonable) assumption that eavesdropping is possible (regardless of whether you do it or not).

    The risk with actually knowing the password is that one could log-on with exactly that password and masquerade as that user in every way possible.

    You not knowing that password would actually be better for you than it is for them.

    •  If you have admin rights you can reset the (1+ / 0-)
      Recommended by:

      password, go in to do whatever you want, and then when the original intended user tries to get into their account, they generally just think that they've mistyped the password, or forgot what it was (particularly if they have to change it pretty often), they just call up the admin for a reset....

Subscribe or Donate to support Daily Kos.

Click here for the mobile view of the site