[Cialug] Dumb. Dumb Security.

Todd Walton tdwalton at gmail.com
Tue Aug 21 09:43:06 CDT 2012


On Mon, Aug 20, 2012 at 5:47 PM, Michael Davis <mpdavis at iastate.edu> wrote:
> While their response is a bad one, you probably aren't talking to a
> developer.  More than likely you are talking to someone in PR or marketing
> that had a 5 minute conversation with a developer and doesn't fully
> understand what is going on.

You are correct.  Here's the final (and satisfying) response that I got:

=======================================
Hi Todd,

Thanks for taking the time to reply. Based on your response and a brief
conversation with one of our engineers I now realize that I was not
correct in my assumption that our email provider could transfer a
message to your mail server in a secured format. I will be sure to keep
this in mind the next time someone asks about email security.

When we launched the email alerts we realized that a small percentage of
users (of all levels of tech savviness) would be uncomfortable with
account balances being sent via email. For this reason we added the
email preferences feature. This feature combination is identical to what
other sites such as Mint.com, Personal Capital, and Wikinvest use for
their mails with similarly sensitive information.

That said, we appreciate you pointing out this risk and will keep it in
mind. Hopefully a middle ground option will emerge that doesn't result
in us only being able to send mails with details such as "log back in to
view your updated account balance" or similar.
=======================================

That's good.  I also use Mint.com and I have no problems with their
service.  (And while we're at it, Michael, WebFilings seems like a
pretty good company, too.  Damned slick product.)

--
Todd

