[_] New webapp account email stupidity
Tim Beadle
tim.beadle at gmail.com
Tue Oct 31 20:17:47 GMT 2006
Hi,
I signed up for the world's favourite "see what your area is like"
site earlier (clue: rhymes with "Pup High Feet dot com") as their more
useful features are now signed-in-user only.
They sent me a mail with my email address (used for login) and
password displayed next to each other in plain text.
I've seen other big name sites do this too. My take on it was that, as
email is as secure as a postcard (i.e. not at all), this was bad form.
Am I paranoid, or are these sites clueless?
A pointer to the definitive webapp email/account security best
practice would be nice.
Tim