Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Unspoken Taboo - The Never Expiring Password

Posted by CowboyNeal on from the silent-threats dept.

anon writes "Every security savvy professional lives with the daily fear of the "never expiring password" being exposed. It's the unspoken taboo, the wide open back door in every corporate network. But no-one ever acknowledges it or discusses it. All applications have got pre-defined passwords that never change. Which means developers, privileged users and hosting third party service providers will all have access to these passwords."

2 of 537 comments (clear)

  1. Re:guilty by ATeamMrT · · Score: 5, Interesting
    how many of us computer-savvy are guilty of doing this for our login accounts, web banking, Email, etc? I know i am.

    I am not a cracker or hacker. But I know a guy who uses password trading websites for porn. According to him, once you get a password for one porn website, that same password will work for others. According to him, these porn members use the same password for all sites they subscribe to.

    Once companies start losing money to crackers/hackers, then they will start issuing more complex security.

  2. Re:guilty by Anonymous+Crowhead · · Score: 5, Interesting

    I used to work for a free adult hosting site. We stored the passwords in plain text in a database. One day, just for the hell of it, I pulled out the top ten passwords. They accounted for something like 40-45% of the passwords for more than 250,000 accounts.