Should I be worried?

dug dug Follow Sep 14, 2007 · 1 min read



Well, I cancelled my Quechup account two weeks ago. The interesting bit was that my gmail address book was spammed two days later. Now that is fucked up…

Anyways, I just wanted to mention that I’ve noticed that a bunch of services (Qloud, J!NX, thetrainline, Wordie to name a few) are sending account confirmation letters with cleartext passwords and I’m wondering if this is a growing trend?

Now I realise non ssh passwords are sort of pointless anyways (an .htaccess file is but a curtain or a screen I’m told) but still, this type of email gives sniffers access to a validated email address, your name, your alias and a chosen password. That has to be bad.

If you’re gonna send email confirmations, generate a random password and get me to change it on first login ok?

Written by dug Follow
Hiya, life goes like this. Step 1: Get out of bed. Step 2: Make things better:-)