I filled out a survey today for Heifer, one of the coolest charities, and at the end there was a password entry item that not only sent the password to the server in plaintext (sadly common) but didn’t even bother to obscure the password when you typed it in the form, which was completely weird and sloppy. So I sent them an email. From the response below, I don’t think they understood what I was concerned about. This isn’t particularly sensitive data, but to me it seems kind of rude to not be slightly more concerned about secure data transmission (and it gives a bad impression of the company’s standards).
The company listed as creating the survey site is called Vision Critical (http://www.visioncritical.com/).
I’m usually a little more polite when I email strangers, especially to complain. I was still waking up when I wrote the bit below or else I’d probably have managed to write something less abrupt. Sorry.
Sent: January 31, 2006 9:02 AM
Subject: Password issue
The password box at the end of the Heifer Voices survey has absolutely no security measures applied. I realize that this isn’t a high security need site, but it seems pretty strange that the password appears in plain text in the box (not obscured in any way) and the page with the password entry is not encrypted. I really think you should fix this before more people start using your survey system.
Subject: RE: Password issue
Date: January 31, 2006 6:14:02 PM PST
The data collected in this questionnaire is kept strictly confidential. The password you create is stored in a password protected database, and appears only as dots in this database.
The Heifer Voices Advisory Panel Team