Well, I cancelled my Quechup account two weeks ago. The interesting bit was that my gmail address book was spammed two days later. Now that is fucked up…
Anyways, I just wanted to mention that I’ve noticed that a bunch of services (Qloud, J!NX, thetrainline, Wordie to name a few) are sending account confirmation letters with cleartext passwords and I’m wondering if this is a growing trend?
Now I realise non ssh passwords are sort of pointless anyways (an .htaccess file is but a curtain or a screen I’m told) but still, this type of email gives sniffers access to a validated email address, your name, your alias and a chosen password. That has to be bad.
If you’re gonna send email confirmations, generate a random password and get me to change it on first login ok?