Vox.com - Security?

stu42j on 2007-04-13T18:25:18

I just signed up on Vox.com to use for a personal blog. I picked Vox because my impression was that it is MySpace done right. Six Apart+Danga have been around for a while, they know what they are doing. Plus they like Perl (and some Perl folks seem to like them).

So, after I sign up, I get a welcome email with my password, the one that I entered (not a random system generated thing), right there in the plain text of the email. WTF?

Ok, so it is just a blog, not a bank or something but sheesh! Mailman does the same thing but at least it warns you about it.

Am I overreacting or should I look elsewhere for my personal blogging needs?

Update: I also tried the "forgot password" function and it again emailed my password in plain text. This means that they are either storing the passwords with two-way encryption (unlikely) or simply plain text. This is bad on top of bad. Storing passwords as a salted hash is not hard and pretty much standard best-practice security!
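
The salted-hash storage the post refers to, together with a "forgot password" flow that mails a one-time token instead of the password, as an added example (not part of the original post and not Vox's code). The function names, the PBKDF2 work factor, the token lifetime and the in-memory `users` dict are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

ITERATIONS = 600_000   # assumed PBKDF2-HMAC-SHA256 work factor
RESET_TTL = 15 * 60    # assumed reset-token lifetime in seconds

def hash_password(password, iterations=ITERATIONS):
    """Return a self-describing record; the password itself is never stored."""
    salt = secrets.token_bytes(16)  # fresh random salt for every record
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    except ValueError:  # malformed record: treat as a failed login
        return False
    return hmac.compare_digest(candidate, expected)

def issue_reset_token(users, name, now=None):
    """Create the token that goes in the email; only its hash is kept."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    users[name]["reset"] = (hashlib.sha256(token.encode()).hexdigest(), now + RESET_TTL)
    return token

def redeem_reset_token(users, name, token, new_password, now=None):
    """Set a new password if the token matches and has not expired."""
    now = time.time() if now is None else now
    pending = users.get(name, {}).pop("reset", None)  # single use: any attempt burns it
    if pending is None:
        return False
    token_hash, expires = pending
    supplied = hashlib.sha256(token.encode()).hexdigest()
    if now > expires or not hmac.compare_digest(supplied, token_hash):
        return False
    users[name]["password"] = hash_password(new_password)
    return True
```

With this layout the server has nothing it could put in a welcome or reminder email: the stored record cannot be turned back into the password, and the mailed token is useless after one use or after it expires.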


Ask

sigzero on 2007-04-13T21:10:01

Ask them why that is and if you don't like the answer...bail.

Along the same vein...

sigzero on 2007-04-13T21:11:37

I signed up for a company so I could get job listings for that particular company. I typed in my desired password and it refreshed the page and right there for the world to see was my plain text password.