Editing Password (section)

====Simple transmission of the password====

Passwords are vulnerable to interception (i.e., "snooping") while being transmitted to the authenticating machine or person. If the password is carried as electrical signals on unsecured physical wiring between the user access point and the central system controlling the password database, it is subject to snooping by [[Telephone tapping|wiretapping]] methods. If it is carried as packeted data over the Internet, anyone able to watch the [[Network packet|packets]] containing the logon information can snoop with a low probability of detection.

Email is sometimes used to distribute passwords but this is generally an insecure method. Since most email is sent as [[plaintext]], a message containing a password is readable without effort during transport by any eavesdropper. Further, the message will be stored as [[plaintext]] on at least two computers: the sender's and the recipient's. If it passes through intermediate systems during its travels, it will probably be stored on there as well, at least for some time, and may be copied to [[backup]], [[cache (computing)|cache]] or history files on any of these systems.

Using client-side encryption will only protect transmission from the mail handling system server to the client machine. Previous or subsequent relays of the email will not be protected and the email will probably be stored on multiple computers, certainly on the originating and receiving computers, most often in clear text.