I’m in shock that a customer service rep from a large website sent me my password in an email. This is the first time in 10 years that I’ve ever had a human send me my real password, not a temporary password. (The highlight was within the email it says “ Please put your login information in a safe place.”)
Any reputable source tells the public never to write down passwords. Well, now I safely have my password written down in my email thanks to this site.
It was one of my “medium security” passwords I used for this blog, various unimportant email accounts, and other accounts for about the last 8 years.
When I emailed them to complain, I realized the account I emailed from used the very password they had access to. So I just went through the process of changing my password on numerous accounts.
Microsoft has a good tutorial on password practices for end users – although they don’t address the issue of needing to protect your password in online accounts – which is also important if the site isn’t encrypting passwords and they have a data breach.
Using an algorithm (a pattern that only you know) to create easy to remember passwords unique to each site is a good idea. See this article.
If I got any info wrong here let me know!