As part of our bank account "goodies" we get a subscription to a service called CardPatrol - all good so far.

But when you sign up they send you a email with your password - and this is when it gets less good.

As this password has been transmitted in a unsecure email a good practice would be to use this as a one-time password and then let the user change the password as soon as s/he has secure access to the site. But not so fast - as the following paragraph states :

NOTE: your username and password are CaSe sensitive. For security purposes, users may not change their assigned passwords. This practice insures that a password you have used at another site or account will not be used to gain un-permitted access to your Card Patrol account. We also recommend never reusing a password.

What!

So they compromise your security immediately?

Not terribly good - I am so far unimpressed.

UPDATE

When you log in to their site the FAQ say

Q. I was issued a password by Card Patrol when I initially setup my monitoring. How do I change this password?

A. Simply go to the My Account section and update your password to something more memorable. We would always suggest using a combination of letters and numbers to make your password more secure.

I immediately tried this - and it works, so their security is good enough for me!

Technorati Tags: Array ramblings Web