Should I be worried?

dug dug Follow Sep 14, 2007 · 1 min read
Share this

password.gif

Well, I cancelled my Quechup account two weeks ago. The interesting bit was that my gmail address book was spammed two days later. Now that is fucked up…

Anyways, I just wanted to mention that I’ve noticed that a bunch of services (Qloud, J!NX, thetrainline, Wordie to name a few) are sending account confirmation letters with cleartext passwords and I’m wondering if this is a growing trend?

Now I realise non ssh passwords are sort of pointless anyways (an .htaccess file is but a curtain or a screen I’m told) but still, this type of email gives sniffers access to a validated email address, your name, your alias and a chosen password. That has to be bad.

If you’re gonna send email confirmations, generate a random password and get me to change it on first login ok?

Join Newsletter
Get the latest news right in your inbox. We never spam!
dug
Written by dug Follow
Hiya, life goes like this. Step 1: Get out of bed. Step 2: Make things better:-)