Companies face a complicated choice. Make things easy for the customers, or make things secure for them.
Convenience seems to take priority most of the time. This forces companies to get their customers to risk their own security.
In this example, we see Verizon Wireless asking their customers to type their passwords into Twitter for everyone to see!
This is dangerous. It is likely that many of their customers recycle their passwords. Does the average customer know that their “billing” password is different from their account password?
Is it safe for people to post their phone numbers in public like that?
All a scammer has to do is ring the number, say “Hello Mrs Example, I’m calling from Verizon about your billing problem – let me take you through security…”
Some companies ask for the information via Direct Message. This is also problematic.
This trains customers to input their password into a 3rd party site. That’s a security risk – the password is now shared with Twitter.
If the company’s Twitter account is ever broken into, all those passwords are available in the DM history.
There is also the risk that users will accidentally paste their details for the world to see.
I know what you’re thinking – surely no one is actually dumb enough to type their password into Twitter?
But what else do we expect? Customers are trained to phish themselves in the name of convenience.
These basic security security practices should be obvious – but they clearly aren’t. Companies which ask you to breach your own security are dangerous and should be avoided.