I recently received a letter that announced my membership of some organization. I won't name this organization to protect the innocent, but it's big enough to know better.

I never requested to become a member, but they did get my personal information in a legal way. That's not the issue.
The problem is that the letter stated that my password was equal to my first name, and my username is my last name, both of which were clearly stated in that letter. For added security they asked me for my birth date. Thats not a really big secret either, and can be found on Google within a few minutes.

To add insult to injury they put the following text on their login page (my translation): "Of course all this information is protected by privacy laws and your information will only be handed over to third parties under strict conditions and your explicit permission."

I've mailed them a request to fix their system, but my experience with institutions makes me doubt that they will even understand the problem.

On the other hand, my bank (the Postbank) seems to have finally fixed their website. Until a few months ago they required IE 6 or lower (!) or FireFox 1.0 or lower (!). All acceptable browsers were at least four years old. I haven't done extensive checking, but this time I at least was able to reach their contact-form.