One industry expert shows just how badly you suck at online security

IT security

Security is a mixed bag. where we once were limited to bad security practices of writing passwords on post-it notes, some have taken this same mentality online, as Troy Hunt points out.

Troy Hunt, Microsoft Regional Director and MVP for developer security, was prompted to tell a few stories after seeing this tweet:

Obviously this is a joke — from Reddit, natch. But it’s not that far off from some real security practices.

Hunt shared some doozies, including how anyone can log into your Betfair account just by knowing your email address (public information) and your date of birth (not exactly hard to find):

Another site has a rather obvious security question:

Some make it even more obvious:

I had to try one or two of the sites after he mentioned them, just to see if it was really that bad.

I can confirm that Strawberry is exactly as he describes. When you visit the beauty website, you have the option of selecting “Express Checkout,” where all you have to do is enter your email address and payment info to get things sent to you. Passwords aren’t required.

I’m not exactly a black hat extraordinaire, but even I could figure out how to charge tons of Biosilk hair product to some random person’s email address with that kind of security.

Reckon you've seen some stupid security things? Here, hold my beer... on Troy Hunt

Read next: Slack significantly reduces your chances of a workplace threesome