Comments on: A call for the end of plain text passwords

This is a plea for web services to stop sending plain text passwords through email.

[bkkissel]

For any of your readers looking to implement OpenID on their websites, there are good open source libraries at www.openidenabled.com or a free turnkey hosted solution, called RPX Basic, at http://rpxnow.com.

Also, for anyone wanting their own personal OpenID with multi-factor authentication via Microsoft Infocard, SSL Certificate, or CallVerifID phone-based authentication, you can get one for free at www.myopenid.com. This is only one of three certified OpenID providers for Microsoft's HealthVault medical records management services.

[mselbie]

Nice post that highlights the growing need for usable products on the internet and the growing role of OpenID . Longer passwords and crazy challenge questions only confound the user. We also know from lots of research that people prefer pictures to words and from our own research at Vidoop, that the majority of US adults on-line are very frustrated with remembering and organizing passwords. So we developed a visual login using OpenID, that eliminates passwords and yet is effective against the prevalent forms of hacking. The pictures means you have password for any website. Its free, usable, browser agnostic, secure and works on multiple computers. It remembers the passwords so you don't have to. Check out the frisbee catching tortoise video at www.vidoop.com

[zerarch]

It's bad enough with web-based services and email, but try snail mail!

Sprint and a few other utility services have not only sent me my online access password in plaintext on the paper bill, but have also requested that password as an identity verification over the phone.

The risks of identity theft aside (a password on a bill + a cell phone number = phone records, billing information, etc.), the discomfort of seeing what was once a strong password is only compounded by being asked to "verify" it out loud over the phone.