May
22/09
What’s Your Preferred Internet Password?
Updated on Saturday, 23 May 2009 12:05

Oh, so what; you’re not going to tell me?

It should be fine for me to ask, Priceline does…

I’ve seen references to a ‘popular travel site’ using this question from years ago, but I certainly never expected to see this in 2009. When you log in to the Priceline.com site, it asks for your email address and your security question (or as they call it, your sign in question). I was shocked when I used Priceline to book recent travel to the West Coast and had to set my login preferences.

One of the options under personal information is to set your security question to “What is your preferred internet password?”. I’d have to say that’s irresponsible AT BEST.

Well, at least it’s a secure https page, right? ;)

 

# # #


4 Comments
  1. Michael Janke   |  Friday, 22 May 2009 at 9:57 pm

    It’d be amusing if it were not so brain dead.

    –Mike

  2. Rev   |  Saturday, 23 May 2009 at 1:50 am

    I would hope that they are encrypting the responses to those questions…. But what do you think the likelihood of that actually is? Even if they are encrypting the responses, you are absolutely correct in pointing this out. We all know that users tend to reuse the same passwords over and over again. In specifically asking for their “Preferred” password… should that table ever be subjected to compromise….

  3. jj   |  Saturday, 23 May 2009 at 12:02 pm

    Rev,
    I have no clue how they’re storing the data (intact or hashed). I’d assume it’s hashed just as a password would be. The sign in page is an https, so the entry should be sent across the wire encrypted (if all is in order). You’d be surprised how many log-in pages are NOT encrypted.

    Either way, that’s a ridiculous question to ask since the vast majority of the public re-use passwords for everything from email to Myspace and bank accounts.

    -jj

  4. What's in an email address? | Challenging Complexity...   |  Monday, 12 December 2011 at 7:57 am

    […] Often this identity is all you need to carry out that password reset; gain control of an email address or account and you have instant access to a mind-boggling array of personal accounts and information. Often the ‘forgotten password’ link simply asks you for your address, sometimes you may be prompted for more information – ‘mothers maiden name,’ ‘place of birth,’ ‘month of birth’ etc – social media anyone. Some sites even ask you for ludicrous validators like “your preferred internet password.” […]

