Let’s face it; we all reuse the same password for login accounts all over the Internet. At best, some of us create a few passwords through which we rotate. So why is it that some companies still insist on sending me my password via email right after I create my online account? The reason I have a password in the first place is so that it doesn’t flow back and forth openly in cyberspace only to reside peacefully on multiple mail servers.
This type of action, to me, is a sure sign of amateurs at work. In fact, it’s the lazy man approach for me to give (or take away) initial credibility to any company, startup or established: see how they handle the process of creating an online account.
Just the other week, a classic case of stupid reminded me of this. An affiliate program I signed up for wanted to make sure that my password was at least eight characters long and included both numbers and letters. It was then promptly sent out to my email. Wow. Thanks for making sure it was a good password!
My only workaround to this all-too-common problem is to sign up with any new service with a token I-don’t-care-if-you-know-my-password password only to change it to a real password after a) I receive that initial “thanks for signing up, here’s your account info” email and see that the password was not included and b) find that I am interested in using the service for longer than just my first time of messing around.