How secure is your e-mail password?




http://news.cnet.com/8301-27080_3-20016442-245.html?tag=topImage3

I don't understand why most POP email is still authenticated using
cleartext passwords instead of digest (hash) based authentication
(which doesn't send the password itself but a hash of the password).
Anyone can steal your e-mail password by simply monitoring on a public
network. And why is it that most ISP's don't provide the option of TLS
/ SSL communications?

.



Relevant Pages

  • Re: Windows authentification : HTTP header "AUTHORIZATION" ?
    ... Digest also does not transmit the password clear-text; rather, a hash of the ... use Basic authentication (or ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: [Full-disclosure] JavaScript exploits via source code disclosure
    ... Hash: SHA1 ... If his users are authenticated via say regular form login, ... pass some sort of hash which identifies the user and session to the ... authentication, your webservice's are just as public as any ...
    (Full-Disclosure)
  • RE: Windows NTFS Authentication Caching
    ... Subject: Windows NTFS Authentication Caching ... I believe Carol means that they have an NT Box running IIS as their ... This hash is stored on the server. ...
    (Security-Basics)
  • Re: How secure is your e-mail password?
    ... cleartext passwords instead of digest based authentication (which ... doesn't send the password itself but a hash of the password). ... steal your e-mail password by simply monitoring on a public network. ...
    (sci.crypt)
  • Re: Validate user/pass with Windows accounts
    ... Why I don't use standard NT authentication mecanism? ... NT security haven't been designed for Remoting. ... it shouldn't be a problem passing the password simply ... What's important is to only store a hash. ...
    (microsoft.public.dotnet.security)