So here’s a thing that keeps me up at night: we get a lot of submissions about programmers who cannot seem to think like users. There’s a type of programmer who has never not known how computers worked, whose theory of computers in their mind has been so accurate for so long that they can’t look at things in a different way. Many times, they close themselves off from users, insisting that if the user had a problem with using the software, they just don’t know how computers work and need to educate themselves. Rather than focus on what would make the software more usable, they program what is easiest for the computer to do, and call it a day.
The same is sometimes true of security concerns. Rather than focus on what would be secure, on what the best practices are in the industry, these programmers hammer out something easy and straightforward and consider it good enough. Today’s submitter, Rick, recently ran across just such a “security system.”
Rick was shopping at a small online retailer, and found some items he liked. He got through the “fill in all your personal information and hope they have good security” stage of the online check-out process and placed his order. At no time was he asked if he wanted an account—which is good, because he never signs up for accounts at small independent retailers, preferring for his card information not to be stored at all. He was asked to fill in his email, which is common enough; a receipt and shipping updates are usually sent to the email associated with the order.
Sure enough, Rick received an email from the retailer moments later. Only this wasn’t a receipt. It was, in fact, confirmation of a new account creation … complete with a password in plain text.
Rick was understandably alarmed. He headed back to the site immediately to change the password to a longer, more secure one-off he could store in a password manager and never, ever have emailed to him in plaintext. But once on the site, he could find no sign of a login button or secure area. So at this point, he had an insecure password he couldn’t appear to use, for an account he didn’t even want in the first place.
Rick sent an email, worried about this state of affairs. The reply came fairly rapidly, from someone who was likely the sole tech department for the company: this was by design. All Rick had to do next time he purchased any goods was to enter the password on the checkout screen, and it would remember his delivery address for him.
As Rick put it:
WHO COULD EVER THINK THAT THAT’S A GOOD IDEA?
So you send a random password insecurely and don’t allow the user to change it, only because you think users would rather leave your web page to login to their email, search for the email that includes the password and copy that password in your web page, instead of just filling in their address that they know by heart.
Of course in this case, it doesn’t matter one bit: Rick isn’t going back to buy anything else. He didn’t name-and-shame, but I encourage you to do so in the comments if you know of a retailer with similarly bad security. After all, there’s only one thing that can beat programmer arrogance in this kind of situation: losing customers.
integrates with an ever-growing list of tools to automate and facilitate everything from continuous integration to database change scripts to production deployments. Interested?