The past few weeks have been busy for me as I add or renew personal and business memberships. I also dropped my membership in the Better Business Bureau (BBB). The reason for the latter has to do with passwords and privacy.
I joined the BBB in 2011. Last year, the BBB posted my unhidden BBB password in my renewal e-mail message. For some time before then, news outlets documented the lack of privacy controls in e-mail messages. What’s more, some pieces of my BBB account password were in other passwords I use to access other websites.
I updated a lot of my passwords quickly. When I was done, I expressed my concern to the head of the BBB office in Sacramento. The head of that office assured me that such transmission would never happen again, and that a note about this would be put in my member file.
After I renewed with the Better Business Bureau in March this year, I received a thank you e-mail message. This message once again contained my user name and my entire unhidden password. I promptly e-mailed the head of the Sacramento BBB office about this. Her e-mail response explained that the person who sent the message was a new employee and he didn’t read my file.
Her response also contained the entire original message with my unhidden password. So, now I knew the previous message wasn’t an innocent mistake. I responded to her in a separate e-mail message to prevent further transmission of my password, and told her that either BBB staff didn’t train its staff correctly or my “member file” didn’t exist. She apologized again and refunded my dues quickly, but I won’t be a Better Business Bureau member anytime soon.
Though I look at and change my passwords on a regular basis, this incident happened in between those regular checks. I neither appreciated having to put other work aside to check and change more passwords nor the anxiety.
So, I want to share this cautionary tale with you and offer some ideas if you’re concerned about passwords, too.
If you’re thinking of sending passwords via e-mail, or even document attachments with important information like your signature, there are three ways I protect my documents. You may want to consider these strategies as well:
- Your e-mail software may offer the ability to send encrypted messages, where both you and the recipient need a “key” to open the message. If you use Microsoft Outlook, you can get instructions how to do that on the Office help website.
- If you use Adobe Acrobat, encrypt your PDF document with a password that the recipient knows.
- You can also use a file compression program such as 7-Zip to not only compress the file but also require a password to open the compressed file.
In the latter two cases, you may need to talk about what password you want to use and keep the references reasonably cryptic. For example, you may tell the recipient to use the first few letters of a word combined with the last three digits of a number that both of you know.
I hope this helps. Please let me know if you have any questions or further thoughts. In the meantime, I hope you have a happy and safe Memorial Day weekend.