This is slightly off the point, but still relevant, so hang with me for a second...


A few years back, back in 'those days,' I used to work as a database programmer for one of the more sucessful (pre-bubble) non-hotmail web email services. This being the case, I had access to all of our account information, ect... ect... One field was for an alternate email. So, Since people have a tendancy to try to keep things simple for themselves, I decided to try an experiment. It turned out that out of 50 people, 42 used the same password for our system that they did for the alternate they provided.

Not surprising, but still... (before anyone freaks, I didn't read anyones email or do anything like stealing/screwing their account.) If this ratio holds true to the entire membership base, there would have been more than 100,000 valid passwords, easy. As a result of my findings, I decided to work out a hash for our password storage.

My point is this. There is no guarantee that any service you sign up for online has any sort of protection for the information you provide. The people who are dealing with the data you provide might not be trustworthy. So don't give anything you might regret later.

This may be obvious to the majority, but it's still worth mentioning here.