There exist plenty of services on school campuses that send passwords in plaintext. There are services outside of school campuses that do, too. Hell, I've been able to bypass 2FA checks by just navigating around them, I don't know what else to tell you, not everything out there uses the best security practices, so don't assume that they do.
That must’ve been quite a while ago
I mean, yes, I'm in my 40s, but it's just as effective today.
I’m sorry, but I don’t believe it is. Nearly all traffic is TLS. When this is attacked, you’d get TLS error. Am I missing something?
There exist plenty of services on school campuses that send passwords in plaintext. There are services outside of school campuses that do, too. Hell, I've been able to bypass 2FA checks by just navigating around them, I don't know what else to tell you, not everything out there uses the best security practices, so don't assume that they do.
I guarantee you it's not.