John C. Kirk (johnckirk) wrote,

Password security

When I signed up with Facebook last year, I mentioned that I didn't like the "find friends" option. Basically, it asks you to give them the password for your webmail account so that they can look at your address book and see whether any of your friends are already registered. I, however, was disinclined to acquiesce to their request; with my password, they would be able to impersonate me (sending emails on my behalf), intercept incoming emails, and even lock me out of my own account. I'm not saying that the Facebook programmers in particular would necessarily do any of these things, but I prefer to be cautious about handing out that type of information.

This may seem a bit paranoid, but I read an interesting post today at Coding Horror: A Question of Programming Ethics. Basically, somebody wrote a shareware program called "G-Archiver" that will store a backup copy of your GMail messages on your hard drive; in order for this to work, you obviously have to provide your password. However, it turns out that the program was emailing all these passwords back to the programmer. Oops.

In fairness, you need to type your password into your computer somehow if you want to get at your email; this could be through a web browser or a dedicated email application (e.g. Outlook Express). So, you have to make the trade-off: who do you trust? Personally, I'm willing to trust Microsoft applications, although I know that other people disagree. I'm also willing to trust Firefox. However, open source isn't a panacea; just because something can be read, that doesn't mean that anyone has actually read it, particularly if it's obscure. It's also worth mentioning that the same thing could be done on other platforms (e.g. a Mac); this isn't a virus, it's the program doing exactly what it was designed to do.
Tags: computers, open source, security