Sometimes, when you see an odd behavior by a popular application, something that is either obviously wrong or not the standard way of doing things, you wonder if it was a conscious decision on the part of the developers, or simply something they had overlooked. I was puzzled by two such incidents recently, one from Hotmail and the other from WordPress.com.
I had not been using Hotmail for sometime and had forgotten my password. When I went to reset my password, one of the choices offered was to send the password reset instructions to the email address to which I had forgotten my password. I cannot understand under what circumstances would selecting that choice be a meaningful operation. This is like a locksmith telling you that he will drop the instructions for opening your house door through your chimney when you are locked out of your home and are standing outside.
I recently created a new cricket blog using WordPress.com. It seems that when you create a WordPress id, they send your username and cleartext password to you in email. This is a little unnerving, because most sites never send you their password or only send you a temporary password, that you are forced to change immediately at the next login. This is a security risk because someone (who can gain access to the email account) could easily view the password and use the account. If you only had reset instructions or a temporary password, you would know if someone used your account because they would also have to change your password.
Windows live recently got out of beta. I think MS could take a leaf out of Google’s book – keep the mail service in beta just like Gmail, which seems to be in perpetual beta. You can’t complain about beta products!!!
But let me try to be fair to MS: Did you give your own ID as your alternate email? (I tried that myself, it is not allowing me to do that, but that could be a recent fix)
No, I had a different email address as my alternate email address. So I was able to get my password. But I wonder why the option to send the password to the locked-out account is available.