Stop Broadcasting Passwords

When I am signing up for a service on the web and I am to choose a password, I take it seriously. I think long and hard about what kind of password I want, I come up with one, then I meticulously store it in a secure place where I can find it if I should ever forget it.

When I finally submit the form, I get a response saying that a confirmation message has been sent to my email address. Yay, more inbox clutter. Just when I was getting somewhere with organizing it.

The inevitable next step is to immediately archive the message. So off I go to my inbox. As I get ready to delete it, I read it over for a quick moment. Damn.

My eyes roll. They sent me the password back, in plain text. I wasted five minutes of my time coming up with a secure password, storing it for future forgetfulness, and entering it twice into a web form just to have it broadcast over a mail protocol that is not secure. Fun. Now I have to go log in and change the password immediately, for fear of my account getting hacked.

Why do I say broadcast? Email travels along many networks before it reaches your inbox, much like a car taking different highways across the country. If even one link in that chain is not secure, the contents of your message are open to any number of hackers waiting to read your potentially sensitive information.

Is it so hard to implement a verification method for email addresses? As a developer, I know the answer is no. Send an email saying “Click on this link to verify your registration.” I see it every day. I implore the web development community at large: Please stop this ugly pattern. It is not helping anyone. Take those few extra steps to take your web service or application to the next level.
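Here is what that verification flow looks like in code, as an added example that is not part of the original post: the password is hashed and kept server-side, and the only secret that goes out by email is a random, single-use, expiring token whose hash (not the token itself) is stored. The store, the hypothetical `example.com` link and the fixed clock values are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

TOKEN_TTL_SECONDS = 24 * 3600

# Constructed in-memory store standing in for a database: email -> record.
_accounts = {}


def register(email, password, now=None):
    """Store a password hash (never the password) and return the email to send."""
    now = time.time() if now is None else now
    salt = secrets.token_bytes(16)
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    token = secrets.token_urlsafe(32)           # random, single-use secret
    _accounts[email] = {
        "salt": salt,
        "pw_hash": pw_hash,
        "token_hash": hashlib.sha256(token.encode()).hexdigest(),
        "expires": now + TOKEN_TTL_SECONDS,
        "verified": False,
    }
    link = "https://example.com/verify?" + urlencode({"email": email, "token": token})
    # The message carries only the link; the password never leaves the server.
    return (f"To: {email}\nSubject: Verify your registration\n\n"
            f"Click on this link to verify your registration:\n{link}\n")


def parse_verification_link(link):
    """Extract (email, token) from a link, as the /verify endpoint would."""
    query = parse_qs(urlparse(link).query)
    return query["email"][0], query["token"][0]


def verify(email, token, now=None):
    """Accept the token once, before expiry, comparing hashes in constant time."""
    now = time.time() if now is None else now
    record = _accounts.get(email)
    if record is None or record["verified"] or now > record["expires"]:
        return False
    candidate = hashlib.sha256(token.encode()).hexdigest()
    if not hmac.compare_digest(candidate, record["token_hash"]):
        return False
    record["verified"] = True                   # token is now spent
    return True
```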