Comment Re:Outward facing systems ... (Score 1) 391
On trusted networks, yes, perfectly acceptable. Any security measure is a balance of cost and benefit; for a trusted network the benefit of encrypting passwords is none at all. All it does is add to a sense of security, not to real security.
Right. Except that there is no such thing as a trusted network. The old idea that we don't have to worry about security once you are inside the moat is just that: old. It has also been proven wrong time and again.
Even on the big bad internet the chances of your password being hijacked by a keylogger or because you typed it into a 'Check these pics!!' page are way bigger than it being picked up by a network sniffer.
Internet keylogger? I'm not sure what that is, but the chances of either of those happening are nil when I never use clear text authentication for anything.
I fetch my mail from my ISP using POP and a plain text password. I trust my ISP to make sure their routers aren't hacked and aren't running all sorts of sniffers. If I didn't trust them that much I should not be receiving any email through their servers anyway.
I'm glad you trust every single person who works for your ISP to be nice, competent, and to never make mistakes. Can I assume that this trust also extends to all the folks running servers in your ISP's facility (or the datacenter where they rent space)?
And I'm not ignorant, I noticed those bruteforce attacks TFA is talking about in my logs before I read about it. Did you?
I'm not sure how noticing something in your logs has anything to do with your clear ignorance of security best practices, but whatever.
In all seriousness, thanks. It is this kind of foolish thinking (yes, please keep using clear text authentication) that keeps us real security professionals in business.