Insecure.

!--begin geek rant
My company is financed by an outside company. It's the only way we can afford to grow. It's an expensive proposition: they get chunk of sales off the top, and in return we get 95% of our receivables within a few days of billing them. Such is the tradeoff of the small business concern.

Sales data is entered remotely, via their extranet.

They had to set up another account for us today, because of something we were doing that required a different accounting method. I called the rep because I hadn't received my password.

She said: "It's the same as your current login."
I said, "No, I actually changed our password right after you set up the account."
She said "But I just got it and gave it to your partner. Isn't it -"

And then she told me my password.

Now, in every fucking half-secure system on the planet, passwords are encrypted, and tech people should only be able to CHANGE a user's password, not look it up and give it out. This security method allows tech people the ability to help a user who has forgotten their password, but unable pull the user's password and get into their account.

And if the passwords are just STORED somewhere in employee-accessible form, they're ripe for stealing.

I told my rep this.

She said: "What would you do with any of that information, anyway?"
I said: "For starters, I'd take all of the stored employee data and go on a massive identity theft binge."
She said: "Well, we won't hire YOU."

Ha fucking ha.

I'm kind of blown away. This place is owned by a fucking BANK. Then again, I should have suspected as much when they told me that fixing a Java error in their accounting software was a "feature request."

Shit.
!--end geek rant

Love to all. Even you, Pedro the tech guy.