I see what you did there
I want the Reg gravestone icon back.
British shoe shop chain Office is the latest corp to cop to a computer security breach – one that's leaked names, addresses, phone numbers, emails and passwords of its customers. The high-street name is refusing to say whether those web account passwords were stored in plaintext, or in a hashed or encrypted form. The firm …
This is happening too frequently. It seems every website you go to these days wants you to create a permanent account, with an associated unique (hence forgettable) password. I'm sick of it. The other day I wanted to buy my sister a Next voucher, which should have been a simple online process, but there was no way to do it without creating an account - so they lost my business.
Retailers - if someone placed a one-off order over the phone, would you force them to create an account? No? Then why would you do that for an online purchase? By all means provide an option for people to have their details stored with you for their own convenience (not yours) if they choose to accept the risk that you'll disclose (accidentally or deliberately) that information to others, but don't make it a prerequisite for business, or you will lose customers.
"Retailers - if someone placed a one-off order over the phone, would you force them to create an account"
Almost every retailer I know that takes an order over the phone automatically creates an account in their system for you. It may not be linked to an online one but almost every business has an accounting system where an account is created per customer, most will also link that to the sales as well so that management can toss themselves off over the largest customers' latest purchases. This has been common practice for years (both the account creation and the tossing).
"Never mind over the phone. What if you walked in to a physical shop (I know, SO last century) and before they allowed you to buy anything you had to give the shop assistant your full name and email address. You just wouldn't do it."
Of COURSE I would never do it! *scoff* (hides Tesco clubcard under the table)
There are some shops that do just sell the goods and it gets recorded in a common "account" for walk-in customers.
If I buy something like a pair of socks, I don't particularly want to have to tell you my name, address, age and inner leg measurement, I just want to receive my goods and be on my way. If you don't stock an item, or maybe I need an appointment, sure, I'll leave some contact details, for that purpose only.
As for warranty, the original receipt should contain enough information for you to identify the product was purchased from you, and should be printed in a manner that will last the warranty period.
If something goes wrong, and you need my details for warranty purposes, I'll provide them, but otherwise you shouldn't need my details.
Right up there in the irritation stakes are those companies who don't list prices, instead you've got to contact them. These companies get my business only as a last resort after every other possible avenue has been considered (including doing without).
>>"What if you walked in to a physical shop (I know, SO last century) and before they allowed you to buy anything you had to give the shop assistant your full name and email address. You just wouldn't do it."
Happened to me some years back buying a printer from Curry's. Got as far as having the cash in my hand and the assistant started demanding name, address, email / phone. Said 'no' and they actually refused to sell it to me. So I left.
They have to take those details. Either:
1) Electrical goods for safety/recall. Though possibly not, as other stores do not do this. However, which would you prefer? The store that calls you to say the kettle/cooker/microwave has been recalled as it explodes, or the store that never bothered to get your phone number?
2) To send you adverts in the post.
I'd prefer the ease of mind knowing I'd get contacted (as they are legally obligated to) if there was a problem, over worrying about a tiny slip of paper in the letter box advertising the latest 10% sale. Junk mail or not, I'm not drowning in it any time soon.
"Happened to me some years back buying a printer from Curry's. Got as far as having the cash in my hand and the assistant started demanding name, address, email / phone. Said 'no' and they actually refused to sell it to me. So I left."
I would have given them some details:
Last name: Business
First name: None
Initials: O Y
… you get the idea.
Whilst I agree with all the points you make here, and share your irritation at the spiralling number of passwords you need these days (I keep all mine in a secure mini-app I wrote myself), the problem is deeper than just this issue.
There is no guarantee of quality of security when using sites like these, and some kind of security audit kitemark type scheme, possibly linked to the site's SSL certificate so that browsers could be configured to avoid all the amateurish sites is sorely needed.
And for the idiots who run the "Office Shoes" website, here is some basic free advice: you don't allow external logins to your production servers ever, only through firewalls configured to allow access from known IP addresses. Preferably one IP address only accessible via SSH, that of an intermediate proxy server, the IP address of which is known only to your sysadmins.
"There is no guarantee of quality of security when using sites like these, and some kind of security audit kitemark type scheme, possibly linked to the site's SSL certificate so that browsers could be configured to avoid all the amateurish sites is sorely needed."
And where exactly do you think the average online store owner will get the money required for such audits? Or are we considering a half-arsed script run remotely by Verisign to be enough to call it "audited", thus invoking a lovely sense of false security?
There was a pub in Worthing which had a reputation that it was easier to get a joint than a pint. After a major raid by police it got slammed with all manner of fines and sold... The new owners called it Boots (but the sign showed it was nothing to do with a chemist of a similar name).
Anon because I can (and probably should on this one)