Juno Account

E-mail verification really is a good idea

I happen to have a fairly generic Hotmail address as a ‘spare’ e-mail account, and routinely get e-mails from companies where someone has signed up to a website using my address.

The best behaved include an ‘activation link’ before the account can be used, verifying that the e-mail address really does belong to that person before allowing them to use the site. (Bonus points for including a ‘deactivation link’ in the e-mail straight away, that makes my life a lot easier.) Sadly, a great number of websites decide to take everything on trust and happily send out a welcome e-mail without doing any verification.

OK… so no big deal. The initial e-mail usually includes a username and password so I can log on, close whatever stupid account has been opened, and move on. In the rare and annoying cases where no ‘Delete my account’ is available I can always change the e-mail address (no verification, remember?) and password, ensuring it becomes a dead account that no-one has access to. Good. Shame on you for abusing my e-mail address in the first place.

Today, however, this happened with Juno Records. Not only did they happily let someone sign up to this site, they also allowed them to buy products on it, all without checking the e-mail address was genuine! It gets worse. Here’s a screenshot from the site:

Juno Account

Juno Account

Oh lovely! So you’re giving me… everything about them, plus their credit card details. Super. To be fair, the full credit card number was not printed (everything else was, though), so I couldn’t have gone off on a shopping spree on any site – but I could have changed the address and ordered away? Do you really think the holder of the account, as stupid as they might have been to sign up with my address, would be happy with that?

This is sloppy design that puts people at risk.

« | »

5 Comments on :
E-mail verification really is a good idea

  1. Will says:

    I’m gonna sound really stupid (although it is Juno Records problem) but the person who used your email address deserves that. If they use something of yours, why not use something of theirs?

    I know an email address and credit card are 2 completely different things but I would never use someone else’s email address for anything!

  2. Red Dalek says:

    Well yes, I agree. But good software should try and help even the stupidest of users, not lead them astray.

  3. Will says:

    This is good to use in that assignment Dom! I can include the end user aspect as it asks for general issues as well! Thanks…

  4. Rob says:

    If you were someone else in a simmilar situation you could have logged onto the username and effectivley ordered something if the credit card details were stored.
    Some of these companies need to spend a little time thinking!

  5. Aaron says:

    haha, one word. WOW

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.