Monday, August 26, 2013

This kind of thing happens too often, I'm sure.

I ran into an issue with a service that I was using earlier today.  I won't mention any names to protect the (not so) innocent, but it struck me as a pretty big security problem.

I needed to access the service's website, but I forgot the password that I used when I signed up.  Unfortunately I was with another company when I created my account, so I no longer had access to the email address I used when I created the account.  I sent them a polite message (very slightly paraphrased):

I'm trying to get access to my account. I changed jobs over the summer and no longer can access the email address myemail@somewhere.com but I'm hoping I can change the address. Thanks! 

I expected to have to call in, verify some security information, tell them something, ANYTHING to prove that I was who I said I was.  Instead, I got the following reply (to a different email address) only 92 minutes later (again, slightly paraphrased):

I am sorry to hear you are encountering issues accessing your account.  Please use the following link to provide a new password for your account.

https://a.url.where.i.can.easily.reset.my.password.with.no.further.verification.com

Once you are logged in go to "my account" and change the email address listed in your profile.

Maybe I'm reading too much into this... but in 2013, shouldn't we have better security than this?  I literally could have been ANYONE sending this message.  Fortunately there are no credit card details saved in my account, but I think this was too easy.

Do you think I'm overreacting here, or do you think companies have more of an obligation to determine identity in this situation?  Please share your comments below.

Tuesday, August 13, 2013

Simple career advice

Sometimes my students ask me, "How do I get an A in your course?" I always tell them, "Don't ask how to get an A; learn the material, and you'll get an A."  I just did a panel for the Katz MIS-MBA program and offered a similar piece of advice when asked about how to get a job.

Don't try to get a job; figure out what you want to do, learn as much as you can, and you'll get a job.

I don't have any hard data to back it up, but I've found most of my best students are the ones that really are passionate about programming and technology.  I always have students that are only interested in getting an A, but I think the students that are the most memorable (and I'm guessing the ones that end up being the most effective in their careers) are the ones that really enjoy what they're doing and are doing everything they can to learn everything about the subject.  They're never interested in getting the best grade; they're interested in doing.

Be passionate about what you do, or do what you're passionate about. I think that the people who work on something they enjoy, something they believe in - they're the effective ones, and I'm guessing that they're the happiest in their careers. 

If you're only interested in getting a job, what do you do once you get one?