I like to keep people guessing. I don’t believe in privacy. And, yet, I think it’s embarrassing when I receive e-mails like this:

From: email@example.com
Sent: Wednesday, January 30, 2008 4:26 PM
To: Scott Robinson
Subject: [CodeProject] Member information Update

Dear Code Project Member

Apologies for the interruption but we’ve found a small problem: You may have noticed that you have been unable to sign into www.codeproject.com. After our recent upgrade we found a few of our members had passwords that were getting corrupted by our new encryption system. All passwords are stored in our database in encrypted form to protect your privacy, but unfortunately your password was in a form that caused problems when unencrypted.

To fix this we’ve issued you with a new password and ask that you log in and change your password as soon as possible. Your details are as follows:

Login email : firstname.lastname@example.org
Password : EINMBONG

To log on to The Code Project visit the homepage (http://www.codeproject.com) and enter your email address and password in the login area at the top right of the homepage.

If you have not signed out of CodeProject since signing up you may not have experienced any problems. However, we have still, unfortunately, had to reset your password and ask that you change it to something different ASAP.

We apologise for the inconvenience and want to reassure you that your private information has not been compromised in any way. (In fact no one could get to it, not even you!)

If you’re at all concerned by the legitimacy of this email feel free to contact me at email@example.com

Regards,
Chris Maunder
www.codeproject.com

From: Scott Robinson
Sent: Wednesday, January 30, 2008 7:38 PM
To: Chris Maunder
Subject: RE: [CodeProject] Member information Update

Unencrypted? How can a hashed password be unencrypted?

From: Chris Maunder
To: Scott Robinson
Subject: RE: [CodeProject] Member information Update

We encrypt, not hash, since this allows our members to recover their password instead of being forced to choose a new one. Most members we talked to preferred this method.

Or, you know, the hot-spot for predators:

From: Welcome to MySpace
To: firstname.lastname@example.org
Subject: MySpace Account Confirmation

Hi Scott --

Thanks for joining MySpace! Here’s your account info for logging in:

E-mail: email@example.com
Password: abc123

Keep it secret. Keep it safe.
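
Both e-mails are possible only because the site can read the password back. As an added example (not code from the original post or from either site), this is one-way storage with a salted PBKDF2 hash, where "recover my password" becomes a single-use, expiring reset token; the record layout, function names, iteration count and 15-minute lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

ITERATIONS = 600_000   # assumed PBKDF2-HMAC-SHA256 work factor
RESET_TTL = 15 * 60    # assumed reset-token lifetime, in seconds


def hash_password(password):
    """Return the only password material the database keeps."""
    salt = secrets.token_bytes(16)  # per-user salt: equal passwords, different digests
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "digest": digest}


def verify_password(record, candidate):
    """Re-derive from the candidate and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["digest"])


def issue_reset_token(user, now=None):
    """Create a single-use token to e-mail; store only its hash."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    user["reset_hash"] = hashlib.sha256(token.encode()).digest()
    user["reset_expires"] = now + RESET_TTL
    return token


def redeem_reset_token(user, token, new_password, now=None):
    """Set a new password if the token matches and has not expired."""
    now = time.time() if now is None else now
    stored = user.get("reset_hash")
    if stored is None or now > user["reset_expires"]:
        return False
    if not hmac.compare_digest(hashlib.sha256(token.encode()).digest(), stored):
        return False
    user["password"] = hash_password(new_password)
    user["reset_hash"] = None  # a token works once
    return True


if __name__ == "__main__":
    # Constructed account; "abc123" is the password quoted in the e-mail above.
    user = {"email": "user@example.test", "password": hash_password("abc123")}
    print(verify_password(user["password"], "abc123"))
```

Nothing in the stored record or the reset e-mail contains the password, so there is nothing to "unencrypt" and nothing to mail back.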