-
I just called a major, well known corporation on the phone and the automated system asked me to key-in my web password to get to customer support.
Key-in my password. In the clear. On the phone.
Anyone see an issue with that?
#security #passwords #encryption #cryptography #math #BruteForce
@Pat Might as well consider your web account public
Keying-in the password on the keypad of a phone wouldn't give a listener the exact password because each letter could be one of three, plus upper/lower case, but it would make a brute-force attack a trivial matter.
@Pat I thought more of the ramifications of such bad policy. Who acts like this probably does more stupid things.