Sep 20 2008

StumbleUpon: Not impressed by security

Published by at 10:24 am under Simple Security,Social Networking

I’ve avoided using StumbleUpon and most of its ilk for a long time.  I’ve preferred to keep up to date on the news by using sites like Techmeme or by reading the long list of RSS feeds I have in Bloglines.  But as of late I have been encouraged to branch out a little and start trying a few sites I wouldn’t normally use, like FriendFeed and StumbleUpon.  I haven’t gotten too far into FriendFeed, but even cursory usage of StumbleUpon has left me with a bad taste in my mouth.

First off, there’s the whole dependence on the StumbleUpon toolbar.  When I created the account, I told them I didn’t want the toolbar.  The first time I logged in, I had to tell them again, no, I don’t want the toolbar.  A couple of days later, I got an email, once again encouraging me to download and install the toolbar.  I still wouldn’t have installed the toolbar if not for one simple thing:  I wanted to change my password from the default they gave me.  And guess what, the only way to change your password in StumbleUpon is through the toolbar.  I thought that I was just being obtuse, but upon doing a Google search I found that the toolbar really is the only way to change your password.  Dumb, StumbleUpon, really, really dumb.  I should be able to change my password without installing the toolbar, even if you won’t let me use the majority of your features without the toolbar. 

Then there’s the password itself:  the password that was originally created for me by StumbleUpon was only five characters long, and they were all alphas.  No numbers, no symbols, nothing.  And given that there’s already big news about social engineering passwords and cracking accounts in the news this week, it shouldn’t surprise me to find one more site with a really poor password policy.  And guess what, when I finally did install the toolbar and change my password, it only lets me use letters and numbers, no symbols or special characters.  And I have to wonder if it’s not changing all the letters to lowercase behind the scenes.  Strike two, StumbleUpon.

I’m going to give the toolbar a week, just to find out what the draw is for StumbleUpon.  It’s brought me a lot of traffic in the last couple of weeks, so I figured I needed to at least know about the tool.  But I’m not happy and one more strike is all it’s going to take to make me change my password to something 20 characters long and uninstall the toolbar.  But I did give the Wassup Blog the thumbs up for telling me how to change my password.


3 Responses to “StumbleUpon: Not impressed by security”

  1. ax0n on 20 Sep 2008 at 3:10 pm

    Martin, I’ve been a lot more pleased with Delicious as of late. It integrates nicely with RSS feeds I can syndicate on my site or splice into my blog’s RSS with FeedBurner. It also has a larger following than StumbleUpon.

    I can’t say how much better it is than SU having never given SU a try, but as far as using Delicious to bookmark my own writing and things that my own readers might find interesting, Delicious is doing a fantastic job. The bookmarklet they provide lets you mark anything in-situ without installing anything, too. Boo-hiss to weak password policy and potential malware toolbar extensions.

  2. fedmich on 27 Oct 2008 at 7:37 pm

    It should be on their website! They shouldn’t force users to install their toolbar.

  3. dude on 14 Dec 2008 at 8:09 pm

    What’s the point of Stumble if you don’t have the toolbar?
