No, storing any part of customers' passwords in plaintext is not okay even if you think your security is "amazingly good."https://motherboard.vice.com/en_us/article/7xdeby/t-mobile-stores-part-of-customers-passwords-in-plaintext-says-it-has-amazingly-good-security …
-
-
Replying to @evacide
If human employees have any sort of access to those stored passwords, your security is not "amazingly good".
1 reply 0 retweets 10 likes -
Replying to @RichFelker @evacide
I'm guessing that part of the reason for this is that long long ago RADIUS couldn't handle encrypted passwords in the user database if you used CHAP on the wire & no one there ever saw a reason to do it differently
1 reply 0 retweets 1 like
Replying to @__dotblake @evacide
There was never any legitimate reason to use CHAP on the wire. GSM already authenticated the customer.
10:42 AM - 7 Apr 2018
0 replies
0 retweets
1 like
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.