I was reading with interest an article on Coding Horror about how people freely pass around usernames and passwords on the internet. The author, Jeff, used the example of Facebook, which offers to search your email address book to see if any of your contacts are also on Facebook. The only snag is that you have to give Facebook your email address password.

I have to admit that I have done this once in the past when I was setting up my Facebook account - but I immediately changed the email password afterwards. I'm afraid I don't trust other websites with my passwords, no matter how trustworthy they claim to be. Maybe I'm just paranoid, but I always have this "Big Brother" mentality (from 1984, not the stupid TV programme!) that my usernames and passwords are being collected in some huge central database for nefarious purposes. So although I have used Facebook's service and others like it, I have always changed the passwords afterwards. You should too. It pays to be suspicious.

I'm not sure, though, about the merits of a centralised log-in system to do away with all the various log-ins that we currently have. Microsoft tried it with their now-defunct Passport system (now resurrected as Windows Live ID) but probably flunked because no one wanted to trust Microsoft with that much sensitive information. The whole concept would collapse due to an issue of trust - who would run such a centralised system and can we trust them not to abuse it? I for one would be extremely hesitant to participate. I'd rather keep my encrypted password folder.