Stop asking for my password, dammit!

Submitted by rernst on Mon, 10/15/2007 - 3:21am

In the past few months it's been an increasing trend to have sites ask you for your username and password from some service. I've lamented about this in the past regarding youtube and embedding videos, and it's shoved in your face on facebook.

Though, admittedly, youtube has to store your password for some reason, while apparently facebook only uses it then discards it.

Still, I couldn't quite put my finger on why it was a bad idea. Apparently it's in every social networking site, too.

Someone out there agrees with me, at least: It teaches people how to be phished. I get at least a dozen phishing spam a day that pretends to be from my bank. It's interesting and scary at the same time.

From a security standpoint, storing passwords is a can of worms. The disadvantage that this phishing antipattern has is that in order to be reused the passwords need to be stored in plaintext.

To all you software developers out there: there is a better way.

Comments

Post new comment

All comment submissions must follow the Comment Policy. Your words remain your own and you are responsible for them. If you don't like the captcha, Login to a user account. You can login with OpenID too..
The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <img> <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <embed> <blockquote> <p> <iframe> <div> <span> <tt>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
g
m
5
2
S
B
P
Enter the code without spaces and pay attention to upper/lower case.

Subscribe to Feed

ryanernst.com RSS feed