[thelist] hashing stored passwords (revisited)

Gary McPherson genyus at ingenyus.net
Thu Jun 26 09:19:19 CDT 2003


> i would stay away from asking for very sensitive info
> such as "mother's maiden name" or "last 4 #s of your
> SSN", etc. these are routinely used by banks and why
> would i give this info to a small site w/o having any
> assurance that it will be kept encrypted and/or the
> machine the database is on is well-protected? if my
> mother's maiden name is compromised, it can't be
> changed but i still need to continue using it for
> banking! smaller independent sites don't care about
> security (they'd probably like to but don't have
> resources) as much as banks or places like PayPal do. 

Well pointed out.

Question: is it worth detailing what information will be encrypted for
the user's benefit? On a site of this nature, I doubt it would affect
anybody's decision to sign up, but it might be reassuring for some.



