Do as we say, not as we do
Posted: Fri 9 July, 2010 | Author: Lyle | Filed under: Cynicism, Geeky, Stupidity, Work-related |Leave a comment »Part of my current work deals heavily with web security, data security and the like. As part of that, I subscribe to a number of information lists, mail services etc.
I signed up to a new one today – one of the better regarded (and indeed recommended by another security auditing agency) ones.
What concerned me during the signup process was this :
You may enter a privacy password below. This provides only mild security, but should prevent others from messing with your subscription. Do not use a valuable password as it will occasionally be emailed back to you in cleartext.
Seriously? Sending – and one assumes storing – a password in clear text is such a bad idea. It’s also a major no-no in every security list – including their own one. D’oh!
Obviously a case of “don’t do what we do, do what we say”.