Web 2.0 security…er, insecurity…
I chuckled at this post a few minutes ago on Mashable, talking about how a Twitter ranking site might be a phishing scam for passwords. The site — twitterrank — claimed to give out a numerical rating of how popular any particular account on Twitter was. Someone pointed me at the site last week and the first thing I thought was: uh-oh, not another “give me your password” site.
Even if it’s not a phishing scam, it could easily be. It follows the usual human-engineering techniques: appeal to everyone’s sense of vanity (“how popular am I?”), or greed (“make money now!”), or other human foible (“free sex!”) and ask for a password or credit card information. As a recovering systems administrator, I find it amazing how easily people give out their password to anyone and everyone.
Unfortunately, it seems like all too many Web 2.0 web sites ask for your password to other web services, making the practice of password sharing all too common. If you’re going to trust every single new Web-2.0-startup-really-two-guys-and-a-dog with your Gmail/Yahoo/etc. address, it’s not that hard to sign up for the next really-cool-web-2.0-site-oops-it’s-a-scam with your same password/email.
The lesson of the day? Well, if you gave anyone your password recently, change it – and when the next “really cool” Web 2.0 startup wants the password to your email/life/bank account, think twice.
(ps, also do not make your password your kid’s name, “sex”, your first name, your wife’s name, your favorite kind of car, color, etc. — and don’t use the same password on services like Twitter as your bank account)


