Instant message only passwords

Most email providers now provide instant message (IM) functionality as well. GMail has GTalk, Microsoft’s Hotmail has MSN Messenger, and so forth.

GMail accounts, in particular, are likely to contain large amounts of sensitive information. As such, it is worrisome to turn over one’s email address and password to something like a mobile phone app, so as to be able to use GTalk on the move.

I was reminded of this recently when I tried to login to Facebook Chat via Nimbuzz, an IM app for Nokia’s Symbian OS. When I tried to set up my Facebook account, Facebook warned me of how Nimbuzz would be able to access a huge heap of information about me and all of my friends. I don’t know anything about the company that makes this software: how good their security practices are, whose legal jurisdiction they fall under, how many voyeuristic employees have access to their login credential database, etc.

To reduce the level of risk associated with IM clients, I suggest that companies like Google allow users to set two passwords: one that allows access to their whole account, and another that only allows you to log into it for purposes of instant messaging. That way, if the makers of an IM client turn out to be evil or incompetent, the scope of the damage is constrained.

Author: Milan

In the spring of 2005, I graduated from the University of British Columbia with a degree in International Relations and a general focus in the area of environmental politics. In the fall of 2005, I began reading for an M.Phil in IR at Wadham College, Oxford. Outside school, I am very interested in photography, writing, and the outdoors. I am writing this blog to keep in touch with friends and family around the world, provide a more personal view of graduate student life in Oxford, and pass on some lessons I've learned here.

Leave a Reply

Your email address will not be published. Required fields are marked *