Linked by Eugenia Loli-Queru on Wed 23rd May 2007 00:46 UTC
Today, while I was trying to create a SIP Presence account for VoIPBuster, Pidgin kept crashing. I had to find its settings in my personal folder in order to manually edit the accounts.xml file and remove the entry (so Pidgin could start up again normally instead of keep crashing on load). When I opened the accounts.xml file with a plain text editor, all the passwords of all my accounts were listed out in the open in plain text. This is not a new issue, it was discussed many times before, but it can still be a surprise for most users.
Thread beginning with comment 242531
To read all comments associated with this story, please click here.
To read all comments associated with this story, please click here.
Member since:
2006-09-13
Come on, what's the point of this article? Stop pretending pseudo-encryption would help the user in any way.
AIM did that (probably still does) and made people believe that it was protected, so there were a bunch of methods used to retrieve someone's stored password. I had to change my password on AIM years ago before I understood that it wasn't real encryption.
If you care even the slightest bit about security, you shouldn't be saving your password at all. It's a bad idea to be able to log in to a system without authenticating yourself. If you want to - Fine. Noone is stopping you, but stop complaining about your desire for pointless cpu cycles.