Re: What's the point?
"There's just been two articles about very popular sites writing passwords in plain text, so what's the point of the complexity when the website writes it out in plain text, stores it in plain text, and sometimes spafs it all to world+dog+gerbil"
In both cases the suggestion is that the password is stored in hashed form but that a log grabbed the plain-text password before it was hashed. I didn't read up on the details of the first instance but the second was that the logs were internal so no splashed to world with or without dog but only to the sysadmin gerbils who had sufficient integrity to flag up the problem rather than try to hide it.
That is not sufficient reason to give up on complexity.
Biting the hand that feeds IT
