Unfortunately does not feel realistic to use different password for each service one logs into. Somehow deriving them from a service name would void the purpose and using compeletely randomones would make them impossible to remember and thus require one to store them somewhere. Now that's where it gets tricky.

At least I use the services from the Mac, phone and iPad - not to mention my work computer and my wife's Mac. Keychain (and equivalents on different platforms) helps but it should be able to synchronize between devices & platforms to be really usable. Of course there are the numerous password store apps, but as they are not integrated to OS (let alone all of them OSes) they can not be used by the browser and thus require the onerous reading out and typing the password any time one uses it.

Meself I use a few different passwords based on subjective idea of the security level of the service I use them on. Now in this case Amadeus/Kaleva Travel would definitely have caught me unawares too.

--Panu Markkanen, 04-May-2012

Not quite as bad as Amadeus/Kaleva Travel, but here's my list of companies/organisations who have sent me an unrequested password in plaintext:

2011-12: kilometrikisa.fi, three times, upon each season registration 2010: photobox.com, "Was it something we said?" "We've noticed it's been a while since you last accessed your account, so we're dropping you a line with a reminder of your PhotoBox details, just in case you've misplaced them." 2009: TVKaista, upon registration 2008: Nokia Music, upon registration 2006: Rpoints, upon registration 2006: NowPublic.com, upon registration 2006: NTKnow.com mailing list, upon registration 2005: Urban Dead, upon registration 2005: O2, upon registration 2005: Ents24.com, upon registration 2004: Wippit, upon registration 2004: IESAF.fi, upon registration

--Hugo, 04-May-2012

One of the greatest moments was when the clerk for Left Shoes asked for my password so that she could create an account for me. I was like WTF, and she went "well, we need to know your password so we can tell it back to you if you forget it."

--JanneJalkanen, 05-May-2012

Could you specify a little bit? Just to be clear…

– I assume you did pick the password yourself?

– Where did you do that? At Amadeus?

– How does Kaleva Travel and Amadeus relate to each other in this case? How did they know to send them email?

--Erkka, 12-May-2012

Yes, picked the password myself.

I don't know what the relation between those two companies is. The emails came from Amadeus, but they were Ccing the Kaleva service desk. Which is really strange. I'm expecting to find out soon more.

--JanneJalkanen, 14-May-2012


More info...     Add comment   Back to entry
"Main_comments_040512_1" last changed on 14-May-2012 21:38:47 EEST by JanneJalkanen.