Social web sites are all the rage these days, such as Facebook, MySpace, Twitter, and there are hundreds of less popular ones as well. The idea with them is that all your friends and family can join and you can share aspects of your life such as photos and comments.
Often these same sites will ask for other passwords, in an effort to help you find more of your friends and family. For example, when you sign up to Badoo.com it asks you for your MSN username and password. They do this so they can log into MSN with your account, get a list of your contacts, and invite them to join Badoo. Facebook can do this too only on a grander scale.
It’s good in theory but there are some large risks involved. When you sign up and are prompted to enter your MSN details (or any other account), consider these questions:
- Who runs Badoo? Is it some guy sitting at home with no one to answer to?
- Do you trust the company (such as Badoo) and all of their employees?
- Do they store your MSN password? (You have no way of knowing this for sure)
- Have their servers been hacked and is someone else also capturing your password? (Again you have no way of knowing this, web sites get hacked every day)
You can see where this is leading. If you enter your other passwords into someone’s web site you’ve lost control and put yourself at some risk.
So when you sign up to a new site and it asks you for other passwords you already have, your initial reaction should be to refuse. Then consider if the benefits of doing so are worth the risk.
I’d like to thank our regular reader Nick for bringing this issue up.