Another website that requires you to create a forever non-deletable account to purchase anything. An account which contains your personal information and credit card number [1] and makes you come up with some bogus password with more than six characters, a capital letter, and a non-alphanumeric character, then, when you forget it, sends it to you in the clear through email.
Which means that they know your password, and that it’s not stored securely, and it’s just a matter of time before it’s hacked.
Bravo! It’s just like taking your shoes off at the airport, and just like waving the bar-code of your high-security badge at the guard who scans it, but fails to check whether you are actually the person the badge is supposed to admit.
Non-secure security, or as it’s known, security theatre.
What happens to that database when the company goes out of business, as it inevitably does? When there’s no one left to be sued, do you think they wipe the disks before they turn off the lights, or is it more likely that the repo man just comes and unplugs the computers and sells them to the highest bidder, untouched, with your personal information all there to see for anyone who cares to issue a mysql command?
I just want to buy something. Once. I don’t want to have an account, or a password, or an ongoing relationship. Just a fucking one-time purchase.
[1] If you can’t figure out how to handle a password reset securely, why should I believe that you are not storing my CC number insecurely, either in plaintext or unsalted hashes, and that some Senior VP is not carrying them around on his/her non-encrypted laptop? Because I read about this every damn day.
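What the alternative to mailing the password back looks like, as an added example that is not code from this post or from any site it describes: the store keeps only a salted, slow hash, so it has nothing to send you, and a reset goes through a single-use, expiring token instead. The in-memory `users` dict, the function names and the PBKDF2 parameters are assumptions chosen for the sketch.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ROUNDS = 600_000   # assumed work factor; tune for your hardware
RESET_TTL = 15 * 60       # assumed lifetime of a reset link, in seconds
users = {}                # hypothetical account store: email -> record

def _hash(password, salt):
    # Slow, salted, one-way: the stored value cannot be turned back into the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def set_password(email, password):
    salt = secrets.token_bytes(16)  # per-user salt: equal passwords hash differently
    users[email] = {"salt": salt, "pw_hash": _hash(password, salt), "reset": None}

def check_password(email, password):
    u = users.get(email)
    if u is None:
        return False
    return hmac.compare_digest(u["pw_hash"], _hash(password, u["salt"]))

def start_reset(email, now=None):
    """Return the token to put in the e-mailed link, or None for unknown accounts."""
    u = users.get(email)
    if u is None:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    # Only a hash of the token is stored, so a database dump yields no usable links.
    u["reset"] = (hashlib.sha256(token.encode()).digest(), now + RESET_TTL)
    return token

def finish_reset(email, token, new_password, now=None):
    u = users.get(email)
    if u is None or u["reset"] is None:
        return False
    now = time.time() if now is None else now
    digest, expires = u["reset"]
    supplied = hashlib.sha256(token.encode()).digest()
    if now > expires or not hmac.compare_digest(digest, supplied):
        return False
    set_password(email, new_password)  # new record has reset=None: token is single use
    return True
```

The only thing that ever travels by email is the token, which stops working after one use or fifteen minutes.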