stm4e (stm4e) wrote,

Security is our top priority

So we hired this company to manage all the tax forms and stuff that we need to pay the person who watches the baby. (This, by the way, is what makes me a little sympathetic to the Tea Party type people- if I have to pay someone extra money to deal with all the forms because I want to be honest and actually pay taxes on our minimum-wage part-time babysitter, there's something wrong with our tax system).

Anyway, they do everything on the web, which is nice, but their "secure server" was down for a few days, and so I couldn't get to the forms. They were very apologetic, but didn't want to send the files I'll need over email, because it's so insecure. Which, well, ok, I guess I understand. I don't really think anyone's sniffing my packets, but I guess it never hurts to be safe..

So today, their server is back up, and the send me -via email- my account information to the "secure server", including my password in red text in the body of the email message. The password itself is... well, let's just call it "remarkably insecure" and leave it at that. And there doesn't seem to be an easy way to change the password, either.

I'm not really that upset (well, I am a little upset about not being able to change the password- what the hell?), but I think it's interesting how people get all paranoid about people reading your email, but think that adding one (easily defeatable) step of distance from that makes everything secure.

"We can't send you these private documents by email, because its insecure, but we'll tell you over that insecure system exactly how to get to them. We pay attention to your security!"
  • Post a new comment


    default userpic
    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.