Actually, you probably shouldn’t trust any company with your data, but I have a special reason for asking this.

The Herald is part of, and a base for, a media conglomerate that operates regional newspapers all over New Zealand. We have a physical subscription to one of these but I often view the on-line summary as well.

I finally decided that it might be worthwhile taking advantage of the digital free full version our subscription entitles us to, so I registered. What I got back on the email account I registered with, in plain text, was a confirmation email that included all my registration details, along with my password. Yep, plain text, clear as day, no attempt at security of any kind. I know this used to be common practice, but I thought companies had learned better by now. The registration page was secure, and so is the login page, but what do they do with my password after I log in? It makes one wonder.

Of course the information in that email is not a path to anything important in itself, but it does raise questions about the company's overall security awareness. Although the email I received was in the name of my local paper, it came from subscriptions@nzme.co.nz. So am I right to consider this inexcusably sloppy, or am I overreacting?