If it's a phishing scenario, no matter how they store and protect passwords, they'd be compromised. Keeping in mind, this is not confirmed, and at this point is pure speculation. As for who made them the password police, that is one of the inherent duties in providing such a service. If they knew your account was compromised and did nothing about it, you'd be emailing with a very different attitude. On Apr 5, 2016 12:20 PM, "Joey Kelly via Outages" <outages@outages.org> wrote:
On 04/05/2016 10:51 AM, DJ Anderson via Outages wrote:
I got one of those a few weeks ago.
When I inquired about it I was told that the password I was using was found on some leaked password list and due to that they had set a temporary password to protect my account.
-DJ
Does that not imply they are not using salted hashes, but storing the passwords in plaintext? Or maybe they're intercepting the passwords and testing them against a dictionary? I might be OK with the latter, maybe (but who appointed them to be the world's password police?)
--Joey Kelly
<snip>
-- Joey Kelly Minister of the Gospel and Linux Consultant http://joeykelly.net 504-239-6550 _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages