DEV Community

Discussion on: What are the worst security practices you've ever witnessed?

Collapse
 
mitchpommers profile image
Mitch Pomery (he/him)

Most/all ISPs have had to deal with Challenge-Handshake Authentication Protocol, which requires both sides to know what the password is, not just have something that can be computed from the correct password. It doesn't make the "our security is amazing" comment valid, but does explain why plaintext passwords exist.