by kamjam 4655 days ago
It's scary that this kind of thing ever comes up; you would think this kind of thing is blindingly obvious. Having said that, I seem to recall even PayPal asking me to send them copies of my passport/ID and various other info when there was an issue on my account. I can't recall whether it was by email or uploaded through their site though...

Question: Before writing these articles* does Troy Hunt go through a responsible disclosure with the businesses in question, much like you would if you found a security flaw in Microsoft/Facebook/Google/etc?

* (not this one so much, but some of the other articles he has written - e.g. http://www.troyhunt.com/2013/09/web-security-dark-matter-dev...)


Having recently changed my password with PayPal, I somehow doubt they are serious about security. They enforce a maximum length limit, disallow spaces and other "non-printable" characters (!), etc.
The number of sites that disallow "special characters" is annoying me, especially when they "encourage" tough passwords... it would also be nice, before sending me a password reminder, if you reminded me of the rules of your password policy - that is often enough to trigger me to remember my password!
correct horse battery staple