Thursday, January 3, 2008

Pizza Hut Password

I like ordering pizza online because it’s really convenient. My preference is Papa John’s but I make concessions for others. I ordered pizza a while back from Pizza Hut (using nyms for the email address) and everything went okay.

I went back this evening but had forgotten my one-off password. I used their password reset and what did I get in my email? My original password. In cleartext. Normally the way this works is they email you a link that you can click on to set a new password. The link is only sent to your email so hopefully you’re the only person that gets it. The link in the email is specific to you and will eventually expire. Apparently, Pizza software developers have never actually used any other e-commerce systems, or forum or news or blog or any other system that uses a password either.

Now more than ever I’m making sure I use a unique, randomly generated password for everything and if I lose it, so be it.
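The link-based reset flow described above, sketched as an added example that is not part of the original post or any site's real code. The store names, the `shop.example` URL, the 15-minute lifetime and the PBKDF2 parameters are assumptions. Because only a salted hash of the password is kept, there is no original password to email back.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60  # seconds; assumed, the post only says the link expires
PENDING = {}  # hypothetical store: sha256(token) -> (email, expires_at)
USERS = {}    # hypothetical store: email -> (salt, password hash), no plaintext


def hash_password(password, salt):
    # Slow salted hash; 600_000 iterations is an assumed work factor.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)


def set_password(email, password):
    salt = secrets.token_bytes(16)
    USERS[email] = (salt, hash_password(password, salt))


def check_password(email, password):
    salt, stored = USERS[email]
    return hmac.compare_digest(stored, hash_password(password, salt))


def issue_reset_link(email, now=None):
    """Return the link to email; only the token's hash is kept server-side."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # unguessable and specific to this request
    digest = hashlib.sha256(token.encode()).hexdigest()
    PENDING[digest] = (email, now + TOKEN_TTL)
    return f"https://shop.example/reset?token={token}"


def redeem(token, new_password, now=None):
    """Set a new password if the token is known, unexpired and unused."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = PENDING.pop(digest, None)  # pop makes the token single-use
    if entry is None or now > entry[1]:
        return False
    set_password(entry[0], new_password)
    return True
```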

