Just one more thing to worry about

This pilot fish and his wife are planning a long overdue vacation to an all-inclusive resort -- one of those places where you don't have to worry about things like meals or tipping.

"I log onto the resort's Web site in order to make some reservations ahead of our arrival," fish says, "and am presented with the standard registration page."

He enters his information on the page, which also asks "for security reasons" that he set up a password.

It's not until after he has clicked "OK" that fish looks at the icon in his web browser and realizes the page isn't encrypted. He does a quick browse of the source code for the page, and finds that there's no SSL anywhere securing the data he's just typed in.

A quick call to the resort's customer service department is less than fruitful -- no surprise there. And no one will transfer him to the IT department, either.

"The icing on the cake?" says fish. "I get an e-mail from them confirming my registration -- and it contains my password in all its glory.

"Lessons learned: Never use the same password across systems. And remember that my idea of security may not match my vendor's ideas of 'security.'"

Sharky's right here all summer long. So send me your true tale of IT life at sharky@computerworld.com. You'll snag a snazzy Shark shirt if I use it. Add your comments below, and read some great old tales in the Sharkives.

Now you can post your own stories of IT ridiculousness at Shark Bait. Join today and vent your IT frustrations to people who've been there, done that.