{"id":791,"date":"2012-04-15T11:37:58","date_gmt":"2012-04-15T18:37:58","guid":{"rendered":"http:\/\/www.nadynerichmond.com\/blog\/?p=791"},"modified":"2012-04-15T11:37:58","modified_gmt":"2012-04-15T18:37:58","slug":"weebly-has-an-obvious-security-flaw","status":"publish","type":"post","link":"https:\/\/www.nadynerichmond.com\/blog\/2012\/04\/15\/weebly-has-an-obvious-security-flaw\/","title":{"rendered":"Weebly has an obvious security flaw"},"content":{"rendered":"<p>A long long time ago, back when Gmail was still in invite-only beta and invites were actually difficult to come by, I snagged nadyne@gmail for myself. \u00a0This has provided years of unintentional entertainment. \u00a0I&#8217;ve amassed quite the collection of other Nadynes who forget their email address or make a typo when entering it.<\/p>\n<p>Today, via a new Nadyne, I learned about a website called <a title=\"Weebly's security is crap\" href=\"http:\/\/www.weebly.com\/\">Weebly<\/a>. \u00a0If you&#8217;re not familiar with it (I wasn&#8217;t before this), it&#8217;s a website and blog creator. \u00a0Since that other Nadyne got her email address wrong when she created her website, I got the confirmation email. \u00a0The confirmation email included a link called &#8220;auto-login to Weebly&#8221;. \u00a0I clicked it, and found myself logged in to Weebly.<\/p>\n<p>Yes, that&#8217;s right: without entering a username or password, I was able to log in to someone else&#8217;s Weebly account. \u00a0What fantastically bad security. \u00a0I can&#8217;t possibly be the only person who has received such an email erroneously. \u00a0Weebly should require the user to enter their password when they&#8217;re logging in from a browser that they&#8217;ve never used before, even when clicking on the link from their confirmation email. \u00a0This is such a basic security mistake that I couldn&#8217;t trust them with getting their security right elsewhere.<\/p>\n<p>I can do anything that I like with her website. 
\u00a0Since I don&#8217;t actually know this other Nadyne&#8217;s email address, I posted something to her new site saying that I&#8217;ve changed her password and that she needs to update her account information with a new password and with her accurate email address.<\/p>\n<p>This collection of other Nadynes has given me a long list of websites that I won&#8217;t do business with as a result of their bad security. \u00a0One particular website actually emailed me, in plaintext, another Nadyne&#8217;s complete information: her real name, address, phone number, SSN (yes, really!), and credit card number. \u00a0Usually I just email the Nadyne in question to let her know that she needs to (a) update her account to reflect her real email address, and (b) be careful about doing business with a company that will send out so much personally-identifying information via email. \u00a0Perhaps it&#8217;s time to mine this for a new series of blog posts.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A long long time ago, back when Gmail was still in invite-only beta and invites were actually difficult to come by, I snagged nadyne@gmail for myself. \u00a0This has provided years of unintentional entertainment. \u00a0I&#8217;ve amassed quite the collection of other Nadynes who forget their email address or make a typo when entering it. 
Today, via &hellip; <a href=\"https:\/\/www.nadynerichmond.com\/blog\/2012\/04\/15\/weebly-has-an-obvious-security-flaw\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Weebly has an obvious security flaw<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-791","post","type-post","status-publish","format-standard","hentry","category-nadyne"],"_links":{"self":[{"href":"https:\/\/www.nadynerichmond.com\/blog\/wp-json\/wp\/v2\/posts\/791","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nadynerichmond.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nadynerichmond.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nadynerichmond.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nadynerichmond.com\/blog\/wp-json\/wp\/v2\/comments?post=791"}],"version-history":[{"count":2,"href":"https:\/\/www.nadynerichmond.com\/blog\/wp-json\/wp\/v2\/posts\/791\/revisions"}],"predecessor-version":[{"id":793,"href":"https:\/\/www.nadynerichmond.com\/blog\/wp-json\/wp\/v2\/posts\/791\/revisions\/793"}],"wp:attachment":[{"href":"https:\/\/www.nadynerichmond.com\/blog\/wp-json\/wp\/v2\/media?parent=791"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nadynerichmond.com\/blog\/wp-json\/wp\/v2\/categories?post=791"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nadynerichmond.com\/blog\/wp-json\/wp\/v2\/tags?post=791"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
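The flaw the post describes is a confirmation link that doubles as an "auto-login" link: the token in the mail proves only that someone can read the mailbox the address was typed into, and when that address is a typo, the stranger holding it gets the whole account. The following is an added example, not code from the original post and not Weebly's code, that models the two flows side by side in Python: the vulnerable handler issues a session on the first click, while the hardened handler marks the address verified but only issues a session to a browser that has already authenticated (the one that signed up), exactly the rule the post asks for. Class and function names, the browser-id notion, the toy in-memory store and the sample addresses are all assumptions made for the illustration.

```python
"""Added example (not from the original post, not Weebly's code): a toy
signup/confirmation flow showing an auto-login confirmation link beside the
hardened version that only verifies the address.  All names are assumptions."""
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, field

PBKDF2_ROUNDS = 100_000  # assumption: any deliberately slow password hash would do


@dataclass
class Account:
    email: str
    pw_salt: bytes
    pw_hash: bytes
    email_verified: bool = False
    # browsers that have proven the password (the signup browser counts)
    known_browsers: set = field(default_factory=set)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class Site:
    """Toy site: accounts keyed by the address typed at signup, single-use
    confirmation tokens, opaque session ids.  Everything is in memory."""

    def __init__(self):
        self.accounts = {}        # email -> Account
        self.confirm_tokens = {}  # token -> email, removed on first use
        self.sessions = {}        # session id -> email

    def signup(self, email: str, password: str, browser_id: str) -> str:
        salt = os.urandom(16)
        acct = Account(email, salt, hash_password(password, salt))
        acct.known_browsers.add(browser_id)  # the browser that set the password
        self.accounts[email] = acct
        token = secrets.token_urlsafe(32)    # unguessable and single use
        self.confirm_tokens[token] = email
        return token  # this goes into the mail sent to `email`, typo and all

    def _new_session(self, email: str) -> str:
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = email
        return sid

    def whoami(self, sid):
        return self.sessions.get(sid)

    # Vulnerable: the confirmation link is also an "auto-login" link, so
    # whoever can read the mail is logged in without knowing the password.
    def confirm_and_autologin(self, token: str):
        email = self.confirm_tokens.pop(token, None)
        if email is None:
            return None
        self.accounts[email].email_verified = True
        return self._new_session(email)

    # Hardened: the link proves only that the address receives mail.  A
    # session is issued only to a browser that already proved the password;
    # any other browser is verified-but-not-logged-in and must use login().
    def confirm(self, token: str, browser_id: str):
        email = self.confirm_tokens.pop(token, None)
        if email is None:
            return None
        acct = self.accounts[email]
        acct.email_verified = True
        if browser_id in acct.known_browsers:
            return self._new_session(email)
        return None

    def login(self, email: str, password: str, browser_id: str):
        acct = self.accounts.get(email)
        if acct is None:
            return None
        candidate = hash_password(password, acct.pw_salt)
        if not hmac.compare_digest(candidate, acct.pw_hash):  # constant time
            return None
        acct.known_browsers.add(browser_id)
        return self._new_session(email)


def demo() -> dict:
    """Replays the post's scenario against both handlers.  Constructed
    sample data: the owner mistypes her address as one someone else holds."""
    out = {}
    owner, pw = "nadyne@example.com", "correct horse battery staple"

    site = Site()
    token = site.signup(owner, pw, "owner-browser")
    sid = site.confirm_and_autologin(token)        # clicked by the wrong recipient
    out["vulnerable"] = site.whoami(sid)           # recipient is now the owner

    site = Site()
    token = site.signup(owner, pw, "owner-browser")
    sid = site.confirm(token, "recipient-browser")  # same click, unknown browser
    out["hardened"] = site.whoami(sid)             # no session
    out["hardened_verified"] = site.accounts[owner].email_verified
    out["token_reuse"] = site.confirm(token, "owner-browser")       # single use
    out["wrong_password"] = site.login(owner, "guess", "recipient-browser")

    site = Site()
    token = site.signup(owner, pw, "owner-browser")
    out["hardened_owner"] = site.whoami(site.confirm(token, "owner-browser"))
    return out


if __name__ == "__main__":
    print(demo())
```

The point of the split is that the confirmation token and the password answer different questions: the token says "this mailbox is reachable", the password says "this is the account holder". Letting the first stand in for the second is what turned a mistyped address into a full account takeover in the post; with the hardened handler the wrong recipient ends up holding a verified-but-locked account she cannot enter, which is the best outcome available once the mail has gone to the wrong place.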