The other day my friends were on the web ready to purchase some tickets
on-line for a concert. There was a textbox to enter their e-mail
address and another to enter a password. So they entered their e-mail
address and promptly entered their password to their Yahoo email account
and submitted it.
The web server fortunately kicked it out and said "Invalid Email
Account". They had done this several times so they asked me for help.
I asked them if they were entering the password to their Yahoo account
and they looked up at me blankly and said "Yes". I told them not to do
that...to give a unique password for that page.
Even when they did that, the server kicked them out. So I told them to
try and use their real e-mail address but NOT supply the password to
their primary account.
That worked. For this server, it did not want a YAHOO email account, it
wanted their real account which was on Comcast. I remember when a
soldier died in Iraq and the parents wanted the e-mails his son had sent
for memory purposes. Yahoo refused. It was taken up to court and Yahoo
won. If you want someone to have access to your Yahoo account after you
die, you have to give that person your password prior to passing on.
I also found it strange that YAHOO was not considered a valid e-mail
account. Who cares where the e-mail was sent to for confirmation to a
concert?
Anyway, I'm wondering how many people enter their email address and
their email passwords for their account into strange web pages? Quite a
few, I'd bet. If someone has access to this info, I bet he/she could
disrupt a lot of accounts.