Password Security? Assume nothing is secure

I’m in shock that a customer service rep from a large website sent me my password in an email. This is the first time in 10 years that I’ve ever had a human send me my real password, not a temporary password. (The highlight was that the email itself says “Please put your login information in a safe place.”)

Any reputable source tells the public never to write down passwords. Well, now I safely have my password written down in my email thanks to this site.

It was one of my “medium security” passwords I used for this blog, various unimportant email accounts, and other accounts for about the last 8 years.

When I emailed them to complain, I realized the account I emailed from used the very password they had access to. So I just went through the process of changing my password on numerous accounts.

Microsoft has a good tutorial on password practices for end users – although they don’t address the issue of needing to protect your password in online accounts – which is also important if the site isn’t encrypting passwords and they have a data breach.

Using an algorithm (a pattern that only you know) to create easy-to-remember passwords unique to each site is a good idea. See this article.

If I got any info wrong here let me know!

2 Comments

  1. That’s awesome. The same thing happened to me not long ago. I hate that! Or, you go to a site with SSL and you look and there’s an HTTPS and the little lock appears and they even have like a VeriSign seal of approval, and then you type your password in and they mail it to you! Jeez!

    I enjoyed your post about password security. That’s one of my favorite topics in my blog (in fact, I wrote something today about how programmers store passwords). It’s really frustrating for me when I have a really strong password and someone does something stupid with it like email my password to me, store it in plain text, or have me verify my social security number as authentication.

    I hate when I’m trying to type a password in and I can’t use # or ! or other special characters or I can’t use a password longer than 12 characters. I mean, why limit me on the strength of my own password? Oh well, thanks for the blog post. It’ll get people to use secure passwords, but it’s up to the programmers out there to handle them better.
