Security:ClearTextPasswords: Difference between revisions

← Older edit

Latest revision as of 04:39, 27 August 2020

Site re-work in progress...

@@ Line 1: / Line 1: @@
-This is a draft, the resources below clearly tell that clear text passwords in digital information systems are a '''''NO-GO''''' regardless what's in some "specification sheet" or other service provider agreements ;-)
+Site re-work in progress...
-== CISSP ==
-Well, it's one of the CISSP questions, but let's have a closer look: <br>
-* What is the BEST method of storing passwords for a system:
-** password-protected file
-** file restricted to one individual
-** one-way encrypted file
-** two-way encrypted file
-You may have guessed it already: an one-way encrypted file is the correct answer. Of course there are other options so an encrypted password in the credential file works out well, too. <br> So if you're service provider keeps telling you that clear text passwords (credentials) don't matter at all, that's a killer argument ;-)
-Furthermore, did you know that there's a so called:
-=== Code of ethics ===
-ISC: https://www.isc2.org/Ethics# <br>
-or the following ressource in the German Wikipedia: <br>
-https://de.wikipedia.org/wiki/Certified_Information_Systems_Security_Professional#Code_of_Ethics <br>
-"Handelt ein CISSP nicht nach diesen Grundsätzen, kann er jederzeit durch einen anderen CISSP bei der (ISC)² gemeldet werden." <br><br>
-Of course therefore you should either be a CISSP or know somebody who is a CISSP. <br>
-In my case I know some of my former fellow students who are having a valid CISSP certification.
-== Book(s) ==
-Computer Security '''''Basics''''' <br> Rick Lehtinen, Deborah Russel & G.T. Gangemi Sr. ; Released '''''June 2006''''' ; ISBN-13: 978-0596006693 <br> Page 65-66
-== CWE(s) ==
-https://cwe.mitre.org/data/definitions/256.html
-== Background ==
-Why I'm writing this article?
-Because I got the credentials for accessing the account from my former personal hosting provider in clear text :-(