How much security is too much security?

This morning I read an article by Bob Caswell on Tech Consumer entitled, Bad Form: Companies Still Send Passwords via Email. The point of this article, as communicated in the title, is that many companies, despite email’s inherent security issues, send via that method a person’s username and password for their website.

Without question, email is among the least secure communication methods we have, akin to shouting your most private details while standing on a busy street corner. The question, however, is not whether this method is insecure, but whether it is too insecure for the purpose of communicating login information.

Perhaps the best argument against Mr. Caswell comes from the person he called out to in his article, Jason Calacanis. Writing in the comments as “Jason”, the founder of Mahalo suggested that for something as irrelevant as a social networking site, the ease of email outweighs the lack of security. He suggests that your bank login would be a different story, requiring a much more secure process.

While Mr. Calacanis’s point is justified, there remains much to be said about catering to ease-of-mind. In this environment of sensitivity to issues of identity theft, there is a strong business case for keeping login information secure no matter the application. As Mr. Caswell suggests, most people reuse the same passwords for many purposes. Those with a bit of knowledge about the ‘perils’ of email communication might, justified or not, reject a company for the reason that they do not adequately protect the information with which they are entrusted. With more people worrying about protecting every aspect of their identity, is it really worth losing customers because you decided your site does not warrant greater security? Are you, Mr. Website Owner, really the best person to make that determination? Should you not provide the most secure option possible to ensure you are not the point of weakness in a person’s attempts to maintain their privacy?

I apologize for all the questions. One thing I have learned, when it comes to security, privacy, and other such issues, is that there are always more questions than answers.

Posted in Articles |

Leave a Comment

Please note: Comment moderation is enabled and may delay your comment. There is no need to resubmit your comment.