[_] New webapp account email stupidity
Mark Hughes
mhsparks at gmail.com
Wed Nov 1 16:11:38 GMT 2006
On 10/31/06, Tim Beadle <tim.beadle at gmail.com> wrote:
> They sent me a mail with my email address (used for login) and
> password displayed next to each other in plain text.
>
> I've seen other big name sites do this too. My take on it was that, as
> email is as secure as a postcard (ie not at all), this was bad form.
> Am I paranoid, or are these sites clueless?
>
We send a welcome email for subscribers to our games that contains the
username and password. My view has always been that as the login to
the games isn't over SSL then that's just as likely to get sniffed as
an email.
I guess the other concern is your email / computer being compromised.
Though if that was the case I imagine you'd have more to worry about
than losing a few points from your fantasy football team!
I'm open to being convinced otherwise though :-)
> They sent me a mail with my email address (used for login) and
> password displayed next to each other in plain text.
>
> I've seen other big name sites do this too. My take on it was that, as
> email is as secure as a postcard (ie not at all), this was bad form.
> Am I paranoid, or are these sites clueless?
>
We send a welcome email for subscribers to our games that contains the
username and password. My view has always been that as the login to
the games isn't over SSL then that's just as likely to get sniffed as
an email.
I guess the other concern is your email / computer being compromised.
Though if that was the case I imagine you'd have more to worry about
than losing a few points from your fantasy football team!
I'm open to being convinced otherwise though :-)