Convio, security and customer convenience


Transparency is one of the watchwords of corporate ethics in the charitable community. The assumption is the more we know, the less we allow bad things to thrive--"sunlight is the universal disinfectant" and all that.

Yet as we've seen time and time again, transparency only works if people understand what they see. Enron provides a telling example: their instability was laid out for all to see in their quarterly reports . . . if you had the expertise and patience to parse through the details.

The same is true when it comes to nonprofit tech. Convio, a firm that provides nonprofit donation management services, is getting hit for its handling of a security breach in which someone obtained its clients' passwords, email addresses and other personal information. But as Allen Benamer observes in his Nonprofit Tech Blog--which, as the New York Times indicates, has become a hub of information and insight re l'affaire Convio--the potential for exposure to a security breach was in plain sight all along.

The telltale sign: the ability to retrieve your password. A service that can send you your old password is storing it in a form it can read back. Key passages below:

What is distressing is a defense of Convio by a marketer on the progressive exchange e-mail list who is claiming “that GA was using… state of the art anti-hacking tactics.” We really don’t know that yet and unencrypted passwords are truly NOT state of the art anti-hacking tactics. . . . And those of you who have survived this breach with not having to contact constituents, should immediately rescind the “privilege” of e-mailing members with their old passwords if they forget them and just create a random new password for them to login with instead.

Basically, in order to make sure that single sign-on was possible, GetActive gave users the ability to dump unencrypted passwords en masse from the system so that a nonprofit’s GetActive users could be synched with a “foreign” system. . . . The idea that there are text files out there with my username and unencrypted password on them is really annoying. This practice has to end now for all vendors selling nonprofit solutions.

My fellow nerds, geeks, and accidental techies, please be sure to tell your not-so-technical co-workers that they can no longer expect to be e-mailed their old passwords just because it’s more convenient. It was always bad practice and in a case where sometimes we can pressure vendors to accommodate us, it was a doubly bad idea.
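As an added illustration of the practice the quoted passages call for (this is example code, not code from Convio, GetActive, or the quoted blog), here is a minimal Python sketch of password handling that cannot e-mail an old password back: only a salted hash is stored, a forgotten password is replaced by a random one-time password, and a bulk export for a "foreign" system hands over hashes rather than clear text. The USERS table, the function names, and the sample user are constructed for the example.

```python
import hashlib
import hmac
import os
import secrets
import string

# Constructed in-memory "user table" for the example: username -> record.
USERS = {}
ITERATIONS = 100_000  # PBKDF2 work factor; raise in production as hardware allows


def _derive(password, salt):
    """Salted PBKDF2-HMAC-SHA256; the clear password is never stored anywhere."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def set_password(username, password, must_change=False):
    salt = os.urandom(16)
    USERS[username] = {"salt": salt, "hash": _derive(password, salt),
                       "must_change": must_change}


def verify_password(username, password):
    rec = USERS.get(username)
    if rec is None:
        # Run the KDF anyway so an unknown user costs as much as a wrong password.
        _derive(password, b"\x00" * 16)
        return False
    # Constant-time comparison of the stored and freshly derived hashes.
    return hmac.compare_digest(rec["hash"], _derive(password, rec["salt"]))


def reset_password(username):
    """Forgotten-password path: issue a random one-time password instead of
    returning the old one. The old one cannot be returned even on request,
    because only its salted hash exists on the server."""
    alphabet = string.ascii_letters + string.digits
    temp = "".join(secrets.choice(alphabet) for _ in range(16))
    set_password(username, temp, must_change=True)
    return temp  # delivered once to the user's verified address, never logged


def export_for_sync(username):
    """Bulk export for syncing with another system: salt, hash and parameters,
    never the clear password. The receiving side must support the same KDF;
    otherwise the right tool is real single sign-on, not a password dump."""
    rec = USERS[username]
    return {"salt": rec["salt"].hex(), "hash": rec["hash"].hex(),
            "kdf": "pbkdf2_sha256", "iterations": ITERATIONS}
```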

About: Jeff Trexler