v[ep_!)7@=2n9B

Yep, that’s the password my wife and food blogger Foodiesuz received from Food Network Canada last night.  Via plain-text email of course…

Lucky for her, Foodiesuz was not destined to use good ol’ v[ep_!)7@=2n9B forever.  (She’s busy! Who has 3 minutes to type a password anyway?) There was a link to change the password to something more friendly.  But the user selected password had no rules for composition as far as we could tell, i.e. it could be a simple dictionary word.

Perhaps most strangely, the new password takes time to be activated:

User Password Reset
You have requested that a new password be generated and sent to your email address(zzz@yourdomain.ca). Please allow up to 15 minutes for it to take effect.

What is the point you Food Network Canada people?!?  You’ve seriously missed the boat here with your password policy and subsystem:

  • The value of the information being protected is nominal.  You don’t need a strong password, let alone the abomination v[ep_!)7@=2n9B…
  • If you think the account needs such a strong password, why send it in plain text email? And why do you allow dictionary words when the user resets the password?
  • And just what is happening in those 15 minutes anyway? This is very curious… Do you have someone typing a memo to be authorized by management?

Truly odd.

Mike

2 Responses to v[ep_!)7@=2n9B

  1. That was the most ridiculous password I have ever seen in my life. It made me laugh out loud. And I’m a lay-person!

  2. […] web sites have silly ideas about passwords and […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: