Welcome

  • Welcome to the Blog of HotPads!

    My Photo

About HotPads

Navigation

HotPads Pics

  • www.flickr.com
    HotPads' HotPads Photo Ops photoset HotPads' HotPads Photo Ops photoset

« Happy Valentine's Day! | Main | What Users Want: Web 2.0, the Real Estate Industry, & Survival of the Fittest »

Thursday, February 15, 2007

Soo Many Passwords and Useless Accounts

A new Web 2.0 site launched last week. It is focused on its core competency like a laser, which isUselessaccount needed for the success of any young company.  UselessAccount.com allows users to create an account and... well...that is actually all it does.  In the words of Alan Graham of ZDNET, usellessacount.com "does one thing and it does it very well."

Now I think this site was made in jest, or as a viral marketing spoof by its creator Brisbane Creative.  But it raises an important issue: password security in the digital age.

I love new web applications and I am always creating new accounts in order to really dive into new web tools.  One of my new favorites is Geni.com (it is a web 2.0 social networking site that revolves around your family tree...very addictive).

Here at HotPads we take security very seriously.  We don't even have sensitive information on our site, but all passwords are encrypted to ensure the safety of our users' information (because passwords are encrypted, even HotPads' engineers cannot read the passwords in the database).  Encryption of passwords is fairly typical.

A couple weeks ago, someone here at HotPads lost their password for their electronic paystubs.  I called our payroll services provider (one of the largest in the country) and a customer service representative read me the passwords for the entire company.  I was first surprised that the rep would give me the passwords rather than just resetting them.  Then, after some thought, I became shocked that this employee actually had access to our passwords.  Because it is a payroll services company, employees also have access to HotPads' social security numbers, bank routing numbers, and checking account numbers.

Danger_1

I am not particularly sure what the process is to steal someone's identity, but I am pretty sure that this is a bad combination of data if put into the hands of a deviant.

Moral of the story:
Companies - Protect your users' information
Users - Protect yourself

My password for UselessAccount.com is "xxDvb7#4shepherd13."  Fortunately, I doubt I will ever need to sign-in again.

Posted by Douglas Pope at 10:52 AM |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8341c134053ef00d83519694169e2

Listed below are links to weblogs that reference Soo Many Passwords and Useless Accounts:

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment