
Bothell, Seattle, Washington

Web Developer

tinkers with designing and building websites and web apps to keep sharp

Game Developer

programs Unity Engine, iPhone, Nintendo DS and games that make children all over the world scream “SPIDER-MAN!!!” at Christmas

Hobby Photographer

shoots whatever fits his fancy and has done a couple fine-art series

Slippy Douglas…

RT @hotdogsladies: Dismissing the iPad for not running Flash is like hating a salad fork for not playing 8-tracks.

Recent Thoughts


Personal Security Tip: Passwords in E-Mails

A quick way to keep your accounts from getting hijacked or otherwise exposed to security risks is to deal with the cleartext passwords sitting in your e-mail.

What do I mean by that? Well, often when you reset your password on a website, they’ll send you an e-mail back with a one-time-use link for resetting your password via the website itself. However, some poorly-written websites will just send you your username and password in a normal e-mail that could be sniffed by a hacker as it’s being sent.

Frankly, the website shouldn’t even have your password in a non-encrypted form. The proper setup is to store your password in an encrypted form; then, when you type it in to log in, the site encrypts what you entered and checks it against the encrypted password in its database.

To fix this:

  1. Go into your e-mail and do a full-text search for each of the passwords you normally use (yes, everyone does it). This is fairly easy to do and only takes a few seconds in most mail applications and web apps (e.g. Apple Mail and Gmail), though some mail programs could take hours (e.g. Outlook).
  2. Then note the companies that sent your password in cleartext.
  3. Lastly, delete the offending e-mails (make sure to go into the trash and delete them again to fully get rid of them).

Then, I would boycott the site(s) that violated your password privacy. If you really must use a particular site, you could give it a completely unique password and write it down somewhere safe (I suggest an online note-taking tool so that you have access to it wherever you have Internet access).

That’s it! Repeat every once in a while, or just watch for new e-mails with passwords in them. Some services will send your password monthly (e.g. the Mailman mailing list server), so those are ones that should definitely be unique.
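Steps 1 and 2 above can be scripted when your mail client's search is slow or misses encoded messages. The sketch below is an added example, not part of the original post; the password, senders and messages are constructed sample data, and `find_password_mails` and `message_text` are hypothetical helper names.

```python
import base64
import email
from email import policy
from email.utils import parseaddr

# Constructed sample data: a made-up password and three made-up messages.
PASSWORDS = ["correct-horse-42"]
ENCODED = base64.b64encode(b"Your list password is correct-horse-42\n").decode()
MAILS = [
    "From: Example Shop <noreply@shop.example>\nSubject: Your account details\n\n"
    "Username: slippy\nPassword: correct-horse-42\n",
    "From: lists@lists.example\nSubject: Monthly password reminder\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "Content-Transfer-Encoding: base64\n\n" + ENCODED + "\n",
    "From: reset@bank.example\nSubject: Reset your password\n\n"
    "Use this one-time link: https://bank.example/reset?token=PLACEHOLDER\n",
]

def message_text(msg):
    """Decoded text of every text/* part (handles base64 and quoted-printable)."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            try:
                chunks.append(part.get_content())
            except (LookupError, UnicodeError):
                continue  # unknown or broken charset: skip this part
    return "\n".join(chunks)

def find_password_mails(raw_mails, passwords):
    """Steps 1 and 2: (sender domain, subject) of each mail containing a password."""
    hits = []
    for raw in raw_mails:
        msg = email.message_from_string(raw, policy=policy.default)
        text = message_text(msg)
        if any(pw in text for pw in passwords):
            sender = parseaddr(str(msg.get("From", "")))[1]
            domain = sender.rpartition("@")[2].lower()
            hits.append((domain, str(msg.get("Subject", ""))))  # never echo the password
    return hits

if __name__ == "__main__":
    for domain, subject in find_password_mails(MAILS, PASSWORDS):
        print(f"{domain}: {subject}")
```

The base64-encoded reminder is the case a plain text search over raw message files would miss; the one-time reset link is correctly not flagged.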

Until next time… good luck!

posted on Monday, November 30, 2009 at 5:25 PM PST by Slippy Douglas | 3 comments

Recent Projects


OrgClut

I'm currently working on a personal organization web app called OrgClut.

In OrgClut, all content is added to the user's own personal “Pile”, which is one giant deeply nested list. This can be “scoped into” to get at the information needed. Each item in these lists can have check boxes, priorities, labels, links, dates/times, images, videos, etc. attached to it, then be sorted, filtered, and shared based on the needs of each Pile. I'm targeting both desktop and mobile platforms, and have some unique design goals for the app: it uses CSS3 and HTML5 heavily, allowing it to have zero image files.

Currently, I'm accepting beta invite requests; check out the screenshot(s) and sign up if you want to try it out once it's ready. (Sign up for an invite at the bottom of OrgClut.com.)
