walkitout (walkitout) wrote,

Oh, JewishGen, powered by ancestry.com. You're so cute.

I hadn't logged in to this no-cost genealogy website for a long while -- 556 days, I think it said. It wanted me to confirm my information, and then I was off to change the password, because it was one of my weaker passwords and a duplicate and I am slogging through the slow process of de-duping (I'm doing this slowly, largely because of the certificate issue -- so I'm only updating things LastPass tells me to update, and then experimenting with a few others to see how they handle changes. This was an experiment).

First, it's kind of a PITA to figure out where people hide the Change Your Password option. But okay. I'm building a repertoire of the various possibilities and getting faster. Also, some sites are very annoying about whether they allow nonalphanumeric characters (they either don't allow or require them). But yeah, whatever. Generally speaking, you have to confirm your password (_after_ producing it to log in in the first place) to change it, and then you have to enter it twice. Quora.com only requires it once, so that's something. And JewishGen doesn't require a password confirm. Then on top of that, JewishGen displays the password _in the clear_ after you change it AND it emails you your entire profile INCLUDING the in the clear password after, and there's no obvious way to make it not do so.


In good news, I've spent several minutes trying to imagine any way that anyone could cause me any amount of trouble if they hacked into JewishGen. And I'm coming up with absolutely nothing, which is in stark contrast to netflix. I canceled that a while ago, and I went over there to update the password (weak, duplicate AND they've updated their certificate so It Was Time and LastPass told me to). I keep trying to figure out how to delete my account (I think I have to call) or at least the last payment method used (can't even zero that out!!!). It's hard to see it being hugely problematic; the last four digits of a credit card are pretty easily accessible, altho I understand that people have used the last four as part of a social engineering hack to get more.

I'm remembering, once again, why I just couldn't be bothered to come up with unique, strong passwords for all of these sites. What is the point if they're just going to fricking email the thing to me?
Tags: daily activities
  • Post a new comment


    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.