2

I keep finding various websites that are able to email me back my password. I try to email them every time, telling them about this. But it can be tricky to be taken seriously - it's just a random email from a random stranger. Besides, I can't really go into much detail or I'll risk being ignored for TL;DR reasons.

This got me thinking: perhaps there is an info-site out there dedicated to first explaining why this is a problem, and then linking to further info on how to do this right? One that looks authoritative and trustworthy, preferably even authored by someone famous in the IT security field?

The closest I found is this blog by Jeff, but it starts off discussing something else altogether, and so isn't very suitable.

RomanSt
  • 1,180
  • 9
  • 25

2 Answers2

4

I would like to point you to this post here on security stack exchange.

However, it would be difficult as a normal user to convince a site to change their password policies unless you are paying for their services. I would just avoid using such sites if at all possible.

Community
  • 1
2

Here are some that might help:

http://defuse.ca/password-policy-hall-of-shame.htm

http://blog.kamens.us/2009/09/29/password-security-hall-of-shame/

http://www.passwordgear.com/better-security/hall-of-shame/

http://www.codinghorror.com/blog/2007/09/youre-probably-storing-passwords-incorrectly.html

Mark Burnett
  • 2,810
  • 13
  • 16