I got a phone call today.
Not earth-shattering in itself. But the call was from some folks at Administaff, responding to a posting I made on Twitter a few days ago. The post, in its entirety, is:
Administaff says new web site is better ’cause it’s “cookie enabled” & users won’t have to remember a password. How is less security better?
Now, that’s not really an earth-shattering observation if you read the e-mail excerpt that led to my post:
One of the hallmarks of the new MarketPlace is convenience, and you’ll notice it the first time you log in – because if you bookmark the site, it will be the last time you’ll have to enter a username and password to start saving. The new site is cookie-enabled, so it will recognize your computer every time you access the site.
I received this e-mail as a participant in Administaff services - my company uses Administaff for HR functions.
Although I could belabor the point here, I am not a security expert. But it seems to me that the storage of authentication information in a cookie, as is suggested in this snippet, is not a best practice. Anyone who gains access to the computer on which the cookie is stored could potentially open the web site and be automatically authenticated without any user action.
The folks who called me sought to calm my fears, insisting that the site in question, MarketPlace, does not use or have access to Administaff data, and that they operate independently - although the site uses my Administaff username and password, which seems to partially contradict this statement. I was also told that the site is not operated by Administaff directly, but by a contractor.
The security folks can weigh in on this and make their observations. For me, the interesting thing to note about this is that the posting was made on November 23, and I received the phone call on November 25. That’s a two-day turnaround for Administaff to see the Tweet, make an assessment, and track me down. And note that I got contacted directly - by phone. Not e-mail.
So the point here is that regardless of what you may think about social media, companies are listening - and responding - to Tweets posted that affect them.
And a pat on the back to Administaff for being one of those companies. I don’t have a huge following on Twitter, but posts can go viral quickly. So Administaff’s response to my post was a terrific example of a company paying attention.
But - I’m not going to use MarketPlace without disabling cookie caching on my browser. And I’ll be checking out MarketPlace shortly to see how that works.