Please help to make online passwords safer for everyone : eBay Guides

With the risk of "Identity Theft" ever-present, we all need to be vigilant. But online security isn't solely the responsibility of individuals: effective security requires a partnership between individuals and those who implement website security systems.

Many websites these days ask you to 'register' to gain the full benefit. Although this means yet another password you need to remember, it's not too onerous. You've probably already heard the advice NOT to use the same password for every website registration - that's like having identical locks on your house, car, garage, shed, office... check out my 'One Ring' guide for one way of handling multiple passwords.

But even if you do have different keys for everything, you could be in trouble if whoever has built the lock hasn't done a good job of it. Most website designers (especially those primarily concerned with finance) do "build the locks" well, and they respect the privacy of your password "keys," and guard them carefully. Others are, sadly, lacking in this regard. Of course you can never tell how good a website's locks might be from the outside; they could be flawed, or they could be (and probably are) perfectly fine.

There is, however, one way in which you can tell that a website's administrators are perhaps less 'clued-up' than they ought to be about online security. The clue usually comes right at the beginning, when you first register.

If that 'welcome' email includes the password you used when you registered, that is not a good sign.

The standard email is inherently insecure. It's like sending a postcard, instead of a letter safely hidden from prying eyes inside an envelope. Anyone handling that 'postcard' can read what it says. If a 'welcome' email containing your password should go astray (unlikely, but not impossible), then the recipient is handed your key to the lock. And if you happen to use the same password for everything (as too many people do) then that person may have been given access to far more than just the website you signed up to.

This risk to your (and my) security can easily be avoided, but change will only happen if those who send out passwords in emails can be made to realise that they shouldn't be doing this.

I started with a 'please.'

Please, when you next register on a website, if the confirmation email includes your password, please email the website's administrators, and let them know you're unhappy about the fact that they are demonstrating a disregard for your personal security. The message need not be a long one: a simple "I'm not happy about the fact that you sent my password in an email," coming from enough different people, will suffice to encourage them to review their security policies.

And this would benefit everyone :)

Thanks for listening. If you think that this has been helpful, I have another 'please': please vote 'Yes' below!

© Colin Reynolds / Typocheck 2007