You know the drill.

  1. Sign up for some random service on the internet
  2. Receive a confirmation email with your account information

or

  1. Forget a password for some random service on the internet
  2. Receive an email with your current password

In today’s day and age, I’m not aware of any good reason why we (the services) should be transmitting user credentials (namely their passwords) in an email. The HBC Run For Canada site was the latest example I ran into. If I go to the bank and tell them I’ve forgotten my PIN, are they going to verify my identity and just tell me my old PIN, or require me to specify a new PIN? I suspect the latter.

Bearing in mind that I’m slightly more technical than most people, I don’t expect any service to store my password in plain text, let alone be able to provide it to me on demand.

We’ve already got infrastructure for single-use reset password URLs, hints, etc., so let’s use them uniformly. Nothing’s perfect, but depending on your particular audience, something like OpenID could very well be a nice solution to end-user authentication.
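
A minimal sketch of the single-use reset URL flow mentioned above, added here as an illustration and not taken from any particular service: the password is stored only as a salted PBKDF2 hash (so there is nothing to email back), and the reset link carries a random token that expires and works once. The `Accounts` class, the `service.example` URL, the 15-minute lifetime and the round count are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60   # assumed lifetime of a reset link
PBKDF2_ROUNDS = 600_000       # assumed work factor

def _digest(token):
    # Only the hash of the token is stored, so a leaked table yields no usable links.
    return hashlib.sha256(token.encode()).hexdigest()

class Accounts:
    """In-memory stand-in for a user table (constructed for this example)."""

    def __init__(self):
        self._passwords = {}   # user_id -> (salt, derived_key); never the plaintext
        self._resets = {}      # sha256(token) -> (user_id, expires_at)

    def set_password(self, user_id, password):
        salt = secrets.token_bytes(16)
        key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self._passwords[user_id] = (salt, key)

    def check_password(self, user_id, password):
        if user_id not in self._passwords:
            return False
        salt, key = self._passwords[user_id]
        guess = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        return hmac.compare_digest(guess, key)

    def issue_reset_url(self, user_id, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        # A new request invalidates any earlier link for the same user.
        self._resets = {d: v for d, v in self._resets.items() if v[0] != user_id}
        self._resets[_digest(token)] = (user_id, now + TOKEN_TTL_SECONDS)
        return "https://service.example/reset?token=" + token

    def redeem(self, token, new_password, now=None):
        now = time.time() if now is None else now
        entry = self._resets.pop(_digest(token), None)  # pop makes the link single-use
        if entry is None or now > entry[1]:
            return False
        self.set_password(entry[0], new_password)
        return True
```

The email sent to the user contains only the URL returned by `issue_reset_url`; the user picks the new password on the page that calls `redeem`.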

