I've been happy to see that all the major internet companies (e.g. Amazon, eBay...) will never send your password to your e-mail in plain text. Instead, they send a temporary link that you can click once to enter a new password and reset it. After that, the link is no longer good. In terms of security, this is far superior to sending a password in plain text to your e-mail account.
You never want passwords sent in an e-mail because most of the e-mail that people send these days is unencrypted, which means that anyone who is looking at your internet traffic can read it. All it would take is one hacked router along the path that your e-mail takes to get to your mail server (Gmail, Yahoo, MSN, your ISP, etc.). And of course, if you are on a wifi connection and are connecting to your e-mail over a non-secure connection (i.e. the URL starts with http: rather than https:), then anyone within range of your wifi router will know your password if they are sniffing your traffic.
So the point is that this is NOT secure by any measure! The reason that I bring this up is that I continue to see sites that will send you your password in an e-mail when you indicate that you have forgotten it. Even some e-commerce sites do this, which would put your credit card information at risk (if they store it in your account) should you forget your password.
So if you are a person that has a site that sends out plain text passwords, please try to change this! And for consumers, watch out for this! And for everyone, does this issue bother you, or am I just being oversensitive on this? Let me know in the comments!
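For site owners, the temporary one-time link described above can be built roughly like this. This is an added example, not code from the original post or from any of the companies it names; the class name, the 15-minute lifetime and the `shop.example` URL are assumptions chosen for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; the post gives no figure


class ResetTokenStore:
    """In-memory stand-in for a database table of pending password resets."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # sha256(token) -> (username, expires_at)

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked table does not yield usable links.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, username):
        """Create a one-time token; the caller e-mails it inside a link."""
        # Drop any earlier outstanding token for this user.
        self._pending = {d: v for d, v in self._pending.items() if v[0] != username}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._pending[self._digest(token)] = (username, self._clock() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, token):
        """Return the username if the token is valid, else None. Consumes it."""
        # pop() removes the entry whether or not it has expired, so a link
        # works at most once.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        username, expires_at = entry
        if self._clock() > expires_at:
            return None
        return username


def reset_link(store, username, base_url="https://shop.example/reset"):
    # base_url is a constructed placeholder, not a real site.
    return f"{base_url}?token={store.issue(username)}"
```

The e-mail then carries only the link; the new password is typed into the site's own HTTPS form after `redeem()` returns a username, so no password ever travels through the mailbox.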
2 comments:
I agree. With all of the password phishing and identity theft these days, one can never be too cautious. When I was in Peru, I went to internet cafes to check my email. But several times I left without checking it because I was unsure about the security of the computer and connection!
Yeah that opens up a whole new set of issues when you log in with a community computer. Who knows who may have installed a key logger to figure out your passwords.
Some people go as far as to have applications that they run off a USB key so that they don't have to worry about security as much when using a public computer.
Probably not a bad idea that you refrained from logging in on some of the internet cafe computers.