« First OTB loss of 2008 | Home | Hall of Shame entry »

USCF Sales, e-mail, and passwords

By Steve | January 5, 2008

In the past I’ve generally been inclined to order chess books, supplies, etc. from the USCF. I want the organization to be successful, and I felt that purchasing from them was a tangible way to show that support.

Last month I ordered two DVDs online from USCF Sales. The online ordering process required creating a USCF Sales online account, which was kind of annoying but quite common. What really frosted me was that they sent me a plain-text e-mail with my online account information in it, including my password.

I replied, expressing my displeasure at their odious practice of sending plain-text passwords around in unsecure e-mail.

Their response? None, zip, zilch, nada, after several weeks.

OK, then. No more purchasing from USCF Sales.

4 Responses to “USCF Sales, e-mail, and passwords”

  1. Rich Dailey Says:
    January 9th, 2008 at 3:38 pm

    I’m with you on this… it’s ignorant. And USCF recently spent 50k on website redesign!

    Rich

  2. Michael Goeller Says:
    January 23rd, 2008 at 1:56 pm

    I have to agree — that’s pretty crazy. Maybe their server is not secure either? I also think their delivery charges have gotten outrageous — even if they have very speedy delivery — at least on the East Coast.

  3. Ken Ballou Says:
    February 26th, 2008 at 2:48 pm

    In no way do I mean to justify the practice of sending plaintext passwords in e-mail. However, one should note that the USCF Sales operation is actually run by ChessCafe, not the USCF. (The USCF outsources its books and equipment operation and has an arrangement with ChessCafe.) USCF has nothing to do with that server.

  4. Steve Says:
    February 26th, 2008 at 8:19 pm

    Ken—True indeed. But an organization can’t outsource responsibility for its name and reputation. Although I guess the USCF has much bigger worries at the moment regarding its reputation.

Comments