CRIME ISP Password Security Practices at Earthlink

From: Lyle Leavitt (lylel@private)
Date: Tue Jun 11 2002 - 17:13:08 PDT

  • Next message: Jacob B. Rothstein: "Re: CRIME ISP Password Security Practices at Earthlink"

    I recently discovered during a tech support call that my ISP
    (Earthlink - one of the largest in the US), has a practice regarding
    passwords which I find alarming. The technicians and other service
    personnel have full visibility to the passwords on my accounts. Is
    this a common practice among ISPs? My past experience has been that
    network personnel have the ability to reset passwords but not openly
    view them. Nowhere in their privacy statements does it explain this
    practice. Doesn't this leave them open for liability if a disgruntled
    Earthlink employee should decide to take advantage of this access in
    order to created problems for a lot of accounts or to profit buy
    selling the passwords to someone else like a competitor?
    
    Any comments?
    
    Lyle Leavitt
    



    This archive was generated by hypermail 2b30 : Tue Jun 11 2002 - 17:49:35 PDT