Monday, 17 August 2015

never email a password

I’ve just registered with a new grant management system.  They wanted a password, obviously, and clearly wanted a strong one, because they required a minimum length, and a mix of characters from different classes.  They went one further, and also wanted an answer to a memorable question.  So far, so good.  (Well, apart from one of the options being mother’s maiden name.  Not exactly secret in this day and age.  But I use a password manager, so I can easily provide a random answer without worrying about losing it.)

They emailed me confirmation of my registration.

The email contained my login id.  And my password, in the clear.

screenshot of email, modified

[while looking for an interesting and relevant link to add in here, I found this beautiful page.]

