Security Fail Award of the Month

      Comments Off on Security Fail Award of the Month

There are endless competitors for this, but surely some sort of major stupidity award is due to the Dollar Rent-a-Car password system as described by Geoff Kuenning:

But the winner of the incompetent-design sweepstakes has to be Dollar Rent-a-Car, who asked me for the last four digits of my driver’s license number and my birth date for verification (but not my old password). Then, when I clicked “Change Password”, it took me to a customer-support e-mail form! Apparently I was expected to type a message asking a human to change my password for me. I declined; it seems monumentally stupid for them to let one of their employees to have access to thousands of customer passwords. Instead, I used the form to ask them to let me know when they deploy a secure system.