Dec 14 2008

We Do Not Store Your Login Information. Really?

Published by Ricky at 10:48 am under Social Media, Web Development

If you use some social networking web sites such as LinkedIn and Friendster, you know that you can easily invite friends in your address book to join your network.

You can either enter your friends’ email addresses manually, or you can just enter the username and password of your web-based email service, such as Gmail, Yahoo Mail or Hotmail. The site will then log in on your behalf, extract your friends’ details from your address book, and send them an invitation email.

When a site asks for your login details, there is always a disclaimer claiming that “We do not store your login information”. But do you believe it?

As a web programmer myself, I know how easy it is to store people’s passwords without them knowing. If your login details fall into the wrong hands, the unscrupulous party can just log into your account, read your emails, send emails as you, or simply change your password and block you from accessing your mailbox any more.

I don’t know about you, but I have friends whose web-based mailboxes had been hacked and who could not access them any more. Worse, a hacker even used my friend’s mailbox to send emails out on her behalf!

Of course I do trust sites such as LinkedIn. But if a site called XYZ that you do not know well asks you for your login details, will you give them? Better safe than sorry.

From the point of view of a site owner, is it good to ask members for their login details? However much we claim that we don’t store their login details, they may still not trust us, because we are nobody!

This shows that trust is paramount in doing business, including online businesses. But when we are nobody, it takes time to build trust.

I wish there were a good mechanism by which members could safely invite people in their address book without the site owner getting to know the login details at all.

This is like how credit card details are processed – the customer enters the card number but the merchant never gets to see it because it is sent directly to the bank.

Do you have any good solution?
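
One shape the mechanism wished for above can take, as an added example that is not part of the original post: the member logs in at the mail provider itself, which hands the inviting site a scoped, revocable token instead of the password. `MailProvider`, `InviteSite`, the scope names and the sample account are constructed for illustration and do not model any real provider's API.

```python
import hashlib
import hmac
import secrets

def _digest(password, salt):
    # One-way, salted hash: the provider keeps this instead of the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class MailProvider:
    """Constructed stand-in for a webmail provider (hypothetical, not a real API)."""
    def __init__(self):
        salt = secrets.token_bytes(16)
        self._accounts = {"alice": {  # constructed sample account
            "salt": salt, "digest": _digest("correct horse", salt),
            "contacts": ["bob@example.com", "carol@example.com"]}}
        self._tokens = {}  # token -> (username, scope)

    def authorize(self, username, password, scope):
        # Runs on the provider's own login page; the inviting site is not involved.
        acct = self._accounts.get(username)
        if acct is None or not hmac.compare_digest(
                acct["digest"], _digest(password, acct["salt"])):
            raise PermissionError("bad credentials")
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (username, scope)
        return token

    def revoke(self, token):
        self._tokens.pop(token, None)

    def _owner(self, token, needed_scope):
        username, scope = self._tokens.get(token, (None, None))
        if username is None or scope != needed_scope:
            raise PermissionError("token is invalid or lacks scope " + needed_scope)
        return self._accounts[username]

    def read_contacts(self, token):
        return list(self._owner(token, "contacts.read")["contacts"])

    def change_password(self, token, new_password):
        acct = self._owner(token, "account.manage")
        acct["digest"] = _digest(new_password, acct["salt"])

class InviteSite:
    """The third-party site: it is handed a token and never sees the password."""
    def __init__(self, provider):
        self.provider = provider
    def invite_friends(self, token):
        return ["invite queued for " + a for a in self.provider.read_contacts(token)]
```

A token scoped to `contacts.read` lets `InviteSite` queue the invitations but is rejected by `change_password`, and `revoke` cuts off the site's access without the member having to change their password.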


4 Responses to “We Do Not Store Your Login Information. Really?”

  1. Pin on 16 Dec 2008 at 1:51 pm

    Use some one-way encryption. It works this way: every time the user enters a password, it is encrypted again and matched against the encrypted password :)

  2. Ricky on 16 Dec 2008 at 2:05 pm

    The problem is, how do you ensure the sites encrypt your password sent over to them? Is there anything we the users can do?

  3. Amran on 18 Dec 2008 at 4:27 pm

    I think there’s now a facility like

    1. Google Friend Connect
    2. Facebook Connect
    3. http://blog.wired.com/monkeybites/2008/03/new-google-cont.html – Google Contact API.

    I think more is on the way in the open web: Google Contact API, Yahoo Mail API, and soon there’s no need to scrape every website to get your friends’ contact book.

  4. Ricky on 18 Dec 2008 at 9:25 pm

    Thanks Amran :-) This is useful.
