>> Do any staff of a service covered by a password know what it is? I
>> assumed that a password created by me and not revealed to anyone else could be
>> known only to me but have never checked.
Passwords should not be recoverable or visible to any staff of a service, and should be "hashed"* in case a hacker gets in. All staff can do is provide a link or assistance to create a new password once your identity has been verified.
*Hashed. When a password has been “hashed” it means it has been turned into a scrambled representation of itself. A user's password is taken and – using a key known to the site – the hash value is derived from the combination of both the password and the key, using a set algorithm.
Last edited by: Zero on Fri 21 May 21 at 12:48
|
Password Security new