I just applied for a summer internship at one of my credit card providers (Mitsui-Sumitomo) and guess what, they sent me my username and the password i set in a plaintext email.

The only single time i can accept that they email me my password after registration is when the initial pass is random generated and i’m required to change it at the first login. But sending me the password i set myself and been using for the past month? What the hell?

This is one of the few things that pisses me off every time it happens. Why the bloody fuck would you store passwords in a reversible format? Hash it. Or encode it then hash it. Rainbow tables? I don’t give a fuck. Salt it.

Whatever, you’re pros, you’re handling credit card payments, you’re supposed to know a thing or to about securing data. Sending the user’s password out in a plaintext email is not what i call secure.