The recent HipChat breach served as a timely reminder — always be vigilant when it comes to site security. Sadly, some companies are a little… loose when it comes to hardening their online presence and others even go to the extreme of — unintentionally — handing the bad guys the keys. Here are some examples that’ll have you wincing in your chair.
Fortunately, the image above isn’t real; it is simply a joke created on Reddit. However, as Microsoft MVP Troy Hunt explains in a recent blog post, lax security for login forms and the like is rife:
But here’s the thing — it’s feasible. No really, I’ve seen some very stupid security stuff out there the likes of which make the above example not just believable, but likely. Don’t believe me? Here, hold my beer…
Hunt goes on to provide some very worrying examples from years gone by of companies with poor username / password implementations, including Black & Decker and even Aussie Farmers.
That’s not the worst of it though — when Hunt made these companies aware of their security issues, their responses were less than reassuring, such as this one from a “marketing manager” for AF:
To date we’ve not had a single security issue stemming from new customers being emailed their password, and I know for a fact 90% of the sites I personally sign up to online also follow that same process.
It doesn’t end there. How about the security question “What is the Capitol of California”? Or an HDMI cable that has “anti-virus” protection? I don’t even know what that means.
Hunt’s post has a great collection of terribleness that is sure to make you feel better about your own security measures.