We often moan that people’s ignorance in information security contributes the most in all incidents. We, out of our gut feeling, believe that the professionals will try their best to keep everything in order. I mean, everything, not just the security of my laptops, corporate networks, but also my credentials and personal information.
But always there are exceptions catching us by surprise. This is a screenshot reminding the recipient to change his password, out of security practice (regularly change users’ passwords I guess?)
Now look at the picture. What’s wrong with the mail?
I was caught by the blunt, red line in the center of the map visualized by Mr. Post. It’s not common today to deliver emails in insecure pipelines. SSL/TLS has been implemented for so many years. There is no any reason justifying the behavior of not using TLS in email transportation.
I became stunned when my eyes spotted the password entry in the mail. That means, the temp password of the account has been transported over the Internet in naked. The top secret might have been read by many others!
It’s hard to believe that even in 2018 a software vendor is still using a primitive method to send top secret over the Internet. I start to worry about its ability to protect its customers’ information.
What can we do in such a situation? If this hits you as well, log into your account immediately and change your password asap.
Honestly, I wouldn’t have noticed this mistake without the map from Mr.Post.
A few more things you need to consider when setting up your new password:
- Use complex combination. You should combine letters, numbers and symbols whenever possible.
- Don’t use your birthday as the password because you announced your birthday on social networks, didn’t you?
- Don’t write down your password. I know how convenient it is to hang a Post-it with passwords on your display. But this is really silly.
Don’t be the next fraud victim. Install Mr. Post on Microsoft AppSource at zero cost!