Tesco.com got themselves in hot water this week on Twitter after claiming that sending users their passwords in plain text in reminder emails was done securely.
It just goes to show you can't trust any company - no matter how "respectable" you feel they are - with your password.
At first I thought I didn't have a Tesco.com account (I boycotted them years ago) but I went there and tried to send a password reminder to the email address I would have used if I did have an account with them.
It turns out I do have a Tesco.com account!
Not only do I have an account but it's with the password I used to use with all sites I didn't care too much about. How embarrassing.
I now no longer use that Passw0rd (which I once used to think was relatively clever and strong - doh) and have now changed my Tesco password to something unique to them and completely random. So much so that it is un-remember-able without the help of 1Password.
It's been so long since I used that Tesco account that the home address they have for me is in Sunderland (I moved to Nottingham 8 years ago yesterday!) and any card details they have will be unusable. Nevertheless it's a stark reminder of how vulnerable you are online - even when you're all smug and think you're safe, like I do.