Sep 20 2008
I’ve avoided using StumpleUpon and most of it’s ilk for a long time. I’ve preferred to keep up to date on the news by using sites like Techmeme or by reading the long list of RSS feeds I have in Bloglines. But as of late I have been encouraged to branch out a little and start trying a few sites I wouldn’t normally use, like FriendFeed and StumbleUpon. I haven’t gotten too far into FriendFeed, but even cursory usage of StumbleUpon has left me with a bad taste in my mouth.
First off, there’s the whole dependence on the StumbleUpon toolbar. When I created the account, I told them I didn’t want the toolbar. The first time I logged in, I had to tell them again, no, I don’t want the toolbar. A couple of days later, I got an email, once again encouraging me to download and install the toolbar. I still wouldn’t have installed the toolbar if not for one simple thing: I wanted to change my password from the default they gave me. And guess what, the only way to change your password in StumbleUpon is through the toolbar. I thought that I was just being obtuse, but upon doing a Google search I found that the toolbar really is the only way to change your password. Dumb, StumbleUpon, really, really dumb. I should be able to change my password without installing the toolbar, even if you won’t let me use the majority of your features without the toolbar.
Then there’s the password itself: the password that was originally created for me by StumbleUpon was only five characters long, and they were all alphas. No numbers, no symbols, nothing. And given that there’s already big news about social engineering passwords and cracking accounts in the news this week, it shouldn’t surprise me to find one more site with a really poor password policy. And guess what, when I finally did install the toolbar and change my password, it only let’s me use letters and numbers, no symbols or special characters. And I have to wonder if it’s not changing all the letters to lowercase behind the scenes. Strike two, StumbleUpon.
I’m going to give the toolbar a week, just to find out what the draw is for StumbleUpon. It’s brought be a lot of traffic in the last couple of weeks, so I figured I needed to at least know about the tool. But I’m not happy and one more strike is all it’s going to take to make me change my password to something 20 characters long and uninstall the toolbar. But I did give the Wassup Blog the thumbs up for telling me how to change my password.
3 Responses to “StumbleUpon: Not impressed by security”