Emailing Unencrypted Passwords Defeats their Point
Posted by Hans de Ruiter
This is one of my pet peeves with online services. Today I signed up to something on a website, and, after selecting a password, they emailed it back to me unencrypted. If I choose my own password, then I already know what it is, and do not need to have it sent to me as a reminder. Moreover, the whole point of passwords is that they provide some means of confirming that it is in fact me, and not someone else, who is trying to access my account. So sending it to me in an email and having it stored unencrypted on a server, and then visible in my inbox, defeats the purpose of having the password in the first place. There is no point in having encryption of any sort in a log-on system if the passwords are transmitted unencrypted elsewhere.
So, if you own and/or run an online service, please take security seriously and do not send people their own passwords unencrypted unless they specifically ask you to. If a user is careless with their own passwords and/or private data, then they caused the trouble themselves. If you are careless with someone else's passwords and/or private data, shame on you.