Synopsis: Readable Passwords
Explore the security risks and ethical considerations of storing readable passwords in applications. Understand why password reset mechanisms are safer, how to handle legitimate exceptions, and when simpler identification methods may suffice. This lesson helps you apply secure password management practices in real-world scenarios.
Let’s suppose you receive a phone call from a man using one of the applications you support. The caller is having trouble logging in.
“This is Pat Johnson in Sales. I must have forgotten my password. Can you just look it up and tell me what it is?” Pat sounds a bit sheepish but also strangely in a hurry.
“I’m sorry, I’m not supposed to do that,” you answer. “I can reset your account, and that’ll send an email to the address you registered for your account. You can use the instructions in that email to set a new password.”
The man becomes more impatient and assertive. “That’s ridiculous,” he says. “At my last company, the support staff could look up my ...