Become a fan of Slashdot on Facebook


Forgot your password?
Slashdot Deals: Deal of the Day - Pay What You Want for the Learn to Code Bundle, includes AngularJS, Python, HTML5, Ruby, and more. ×

Submission + - Password Storage and Privacy Policies

OldSoldier writes: Privacy policies talk about what companies will do with your personal data. Some policies you may like some you may not like, but disclosure of the policies is the key thing. My problem is these policies neglect to mention the single most important data item sites collect about you, your password. It seems most companies do one of three things with your password. a) store it in the clear, b) store it encrypted or c) store it encrypted but you need to share it with an operator to use it. Examples of this last variation include any pin-like code you need to verbally share with a phone operator to (say) adjust your billing record.

The thing is I care deeply which policy is in place at whatever company wants me to give a password. I will give different passwords depending on the type of system they use. Yet trying to determine which system they use is very difficult.

Government requires privacy policies yet appear to be mute on this very important issue. What can we as slashdot readers do (or should we do) to fix this situation?

Submission + - Password Security Policy

OldSoldier writes: I recently signed up with a company that does background checks for prospective employees. I had forgotten my password (or so I thought) and called them to get a new one. Their email back to me included my original password, NOT a reset one!

This is not the first time this has happened to me. Several years ago I had forgotten my [Wireless Carrier] Account password (who uses those?) and when I was in a Sprint store the clerk happily pulled up my account and told me what it was.

With all the privacy policies that exist and/or are mandated by government regulation I'm stunned that there is no similar legislation for password management. I would think that companies like cell phone companies and this background check company would know better. But more to the point, I'd like to know what the "password policy" of a company was before I am required to create an account on their site.

Life. Don't talk to me about life. - Marvin the Paranoid Anroid