Which of the following are measures against password sniffing?
A.
Passwords must not be sent through email in plain text.
B.
Passwords must not be stored in plain text on any electronic media.
C.
You may store passwords electronically if it is encrypted.
D.
All of the choices.
Explanation:
Passwords must not be sent through email in plain text. Passwords must not be stored in
plain text on any electronic media. It is acceptable to store passwords in a file if it
is encrypted with PGP or equivalent strong encryption (once again depending on your
organization policy). All vendor supplied default passwords must be changed.