That facepalm moment

I’m not going to name any companies here but I recently cashed in a freebie. It was one of those introductory offers in which you get something for nothing and are then asked to sign up so you can use the (paid) service in future. As it happens, this piece of marketing worked and, having poked around the site for a bit, I decided I would create an account in order to order personalised presents in future.

So I opened KeePassX, generated a (very long, very random) password and pasted it into the sign-up form. This is where things started to go awry.

My sign-up password was rejected because it was too long. This is always a bit concerning. If a sign-up form tells you your password is too long, it’s a bit of a giveaway that they are not hashing passwords properly and are probably a bit ramshackle when it comes to security.

Still, they already have my address for the freebie so I shortened my password and pasted it in.

And then they emailed my (clearly unhashed) password back to me.

The company in question does not have my credit card details. This company will never have my credit card details.
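
An added example, not part of the original post, illustrating the reasoning about length limits above: a salted scrypt record is the same size whatever the password length, and the server can verify a password without being able to read it back. The function names, the scrypt cost parameters and the 1024-byte input cap are assumptions of this sketch.

```python
import hashlib
import hmac
import os

# Assumed parameters for this sketch; tune the scrypt cost for real hardware.
SCRYPT = dict(n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)
SALT_LEN = 16
MAX_INPUT = 1024  # generous cap that only bounds request size


def make_record(password: str) -> bytes:
    """Return salt || scrypt(password); the plaintext is never stored."""
    data = password.encode("utf-8")
    if not data or len(data) > MAX_INPUT:
        raise ValueError("password length out of range")
    salt = os.urandom(SALT_LEN)
    return salt + hashlib.scrypt(data, salt=salt, **SCRYPT)


def verify(password: str, record: bytes) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    data = password.encode("utf-8")
    if not data or len(data) > MAX_INPUT:
        return False
    salt, stored = record[:SALT_LEN], record[SALT_LEN:]
    candidate = hashlib.scrypt(data, salt=salt, **SCRYPT)
    return hmac.compare_digest(candidate, stored)


def demo() -> dict:
    # Constructed sample passwords: one short, one password-manager length.
    short_pw = "correct horse"
    long_pw = "x9$Kq" * 40  # 200 characters
    short_rec, long_rec = make_record(short_pw), make_record(long_pw)
    return {
        "short_len": len(short_rec),
        "long_len": len(long_rec),
        "long_ok": verify(long_pw, long_rec),
        "wrong_rejected": not verify(short_pw, long_rec),
    }


if __name__ == "__main__":
    print(demo())
```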
