I went to a site to download a trail software. They made me create an account. Ok, I'll give them their tracking info, since they cannot seem to get it from a click event on the URL.
They responded with a thank you email, and in the email was my Username, Pwd, Security Question, and Answer to the Security Question, in plain text.
I would like to share the dialog and response from their Software Production Manager. (Read from Bottom up)
PS. The Site is: http://software.sharepointsolutions.com/Pages/default.aspx
Jeremy,<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p>Thanks for the response. If you chose simplicity over security, then why do you require users to create an seemingly secure account to download trial software?<o:p></o:p><o:p> </o:p>Thanks,<o:p></o:p>Me<o:p></o:p><o:p> </o:p>
Sent: Wednesday, April 02, 2008 3:05 PM
To: ME
Subject: RE: You have successfully registered for the site 'http://software.sharepointsolutions.com' <o:p></o:p><o:p><FONT face="Times New Roman" size=3> </FONT></o:p>Dear ME<o:p></o:p><o:p> </o:p>I sincerely understand your complaint. We chose simplicity over security in this case as our site doesn’t contain any confidential information. However, I would be very interested in hearing another solutions, maybe there is a process you think is better? Regardless, I appreciate your registration. Please let me know if you have any additional questions or comments.<o:p></o:p><o:p> </o:p>Regards,<o:p></o:p><o:p> </o:p>Jeremy Luerkens<o:p></o:p>Manager, Software Production<o:p></o:p>SharePoint Solutions<o:p></o:p><o:p> </o:p>P.S. This e-mail was sent out via our Extranet Collaboration Manager application. The e-mail message is customizable so the sensative information may be removed in your implementation.<o:p></o:p><o:p> </o:p>From: ME
Sent: Wednesday, April 02, 2008 12:54 PM
To: Software Support
Subject: RE: You have successfully registered for the site 'http://software.sharepointsolutions.com' <o:p></o:p><o:p><FONT face="Times New Roman" size=3> </FONT></o:p>Dear Support,<o:p></o:p><o:p> </o:p>Thanks for the clear text email over HTTP that shows my username, password, Security Question, and answer in 1 location.<o:p></o:p><o:p> </o:p><o:p> </o:p>Me<o:p></o:p><o:p> </o:p>
Sent: Wednesday, April 02, 2008 1:43 PM
To: Me
Subject: You have successfully registered for the site 'http://software.sharepointsolutions.com' <o:p></o:p><o:p><FONT face="Times New Roman" size=3> </FONT></o:p>Dear Me, <o:p></o:p>You have successfully registered for access to the 'SharePoint Solutions Software' site located at http://software.sharepointsolutions.com. <o:p></o:p>Your login credentials are...
UserName: “Actual Value”
Password: “Actual Value”<o:p></o:p>Your secret question and answer are...
Question: “Actual Question”
Answer: “Actual Answer”<o:p></o:p>Thank you, <o:p></o:p>softwaresupport@sharepointsolutions.com <o:p></o:p><o:p><FONT face="Times New Roman" size=3> </FONT></o:p>