So, I got an email today inviting me to come back to Audible and get a free audiobook download. I clicked on their ad and tried my old Audible login (I had cancelled my account a while ago because I just didn't buy audiobooks). My usual login didn't work, so I used the "forgot password" link. When I got the email, I clicked on the "click here" link and reset my password. I used a quickie 6 character password and was happy to see the "your password has been reset" message.
Next, I tried to login, but it said my password was incorrect. Hmmm, I supposed I might have typed it in wrong, so I went through the same process again (starting with the Audible email). I used the same 6 character password and did the old watch-every-keystroke-as-I-type. Again, I got the message "your password has been reset". I tried logging in, but it still said my password was incorrect. I was still hungry for a free audiobook, so I decided to try one more time. The third time through, I noticed the bullet list below the password text boxes saying that it needed to be 8 characters or more in length. Ok, being a programmer, I can understand missing some error checking code that makes sure the contents of a text box conform to a certain format. Fine, fine. But I can also understand the gravity of making such a stupid mistake on a password reset form of all places! So I used a longer password. Finally, I was able to login.
This is when I noticed the title graphic with the words "Audible, an Amazon company". Suddenly, a little birdie on my shoulder whispered the thought "maybe you just reset your Amazon password too". Sure enough, I had changed it to some obscure throw-away password that I wasn't really planning on using, since all I wanted from Audible was a free audiobook. Then I felt a little embarrassed, since I surely must have missed the big, ugly Amazon logo somewhere during the password reset process. So I went through it again. No Amazon logo. The only hint that you were changing your Amazon password was the following text (it was in bold, but on the far right of the screen so I didn't see it): Remember, you'll also use this new password on Amazon.com
Since I use my Amazon account a lot, I wanted to change my password back, so I went to Amazon and reset my password. Interestingly, while Audible required the 8 character minimum, Amazon.com did not, even though they show exactly the same password requirements in a bulleted list on each site.
While there is a lot to love about Amazon, it makes me wonder if my credit card information is safe with a company that gives so little TLC to their password management system.