Go Back   HostGator Peer Support Forums > Public Forums > Suggestions
Reload this Page User Passwords
Register FAQ Calendar Search Today's Posts Mark Forums Read

Notices

Reply
 
Thread Tools
  #1  
Old 12-14-2005, 01:16 PM
Jemery Jemery is offline
Hatchling Croc
  
Join Date: Nov 2005
Posts: 15
Default User Passwords
I have a suggestion - tech support should never ask for a users password. This is just bad policy - users should be trained to never give their password no matter what. And therefore tech support should never ever ask for a users password. You just don't want your tech support crew to be in the position of personally knowing user passwords.

You should either develop a way to perform task as administrators or ask a user if it is ok to modify their password while you resolve the problem. Then you would tell them the new password and they could change it.

Thanks you,
Jason Emery
galehost.com
Reply With Quote
  #2  
Old 12-15-2005, 05:33 PM
Serra's Avatar
Serra Serra is offline
Veteran Croc
  
Join Date: Feb 2005
Location: Orange Park, FL
Posts: 5,073
Default Re: User Passwords
Paypal, ebay and my bank really shouldn't have access to my password, but web hosting, of the type HG uses, requires that they have access to the reseller's system via the system password, so having HG maintain and use passwords is unavoidable.

Also, passwords are required because there is little HG can do to tell if the person contacting them is actually the right person. Requiring the system password means that the person contacting them can be verified.
Reply With Quote
  #3  
Old 12-24-2005, 02:48 PM
Jemery Jemery is offline
Hatchling Croc
  
Join Date: Nov 2005
Posts: 15
Default Re: User Passwords
Well - have to disagree. First, as a reseller, I can do most anything with my clients account by using my reseller account. In reality this should also be built in by HG - they should have SU, root or whatever account that allows them to do anything and everything I can do and then some. If it's not built in, it should be added.

Second, as a legit alternative, they should have a way for me to authorize an admin password at the time of a service request that would change my password and give them access. When they are done I would change the password back to one they do not know. (I do this anyway)

As far as telling if the person is the right person - there are many ways to do that - a phone call, a source email address and/or email confirmation - submitting a ticket via a logged-in user account... I think that would be workable.

Despite my personal annoyance, this is a huge liability for HG. Gee - I really want to read in the paper that a customer support rep stole hundreds of admin password over the last 3 years and surprisingly sold them to european hackers.

Finally - I mean really - if they need my password, why can't they just tell me what needs doing and let me do it? I could learn something at the same time!!

Just a suggestion...

Jason
Reply With Quote
  #4  
Old 12-25-2005, 08:59 AM
Serra's Avatar
Serra Serra is offline
Veteran Croc
  
Join Date: Feb 2005
Location: Orange Park, FL
Posts: 5,073
Default Re: User Passwords
Quote:
Originally Posted by Jemery
Well - have to disagree. First, as a reseller, I can do most anything with my clients account by using my reseller account. In reality this should also be built in by HG - they should have SU, root or whatever account that allows them to do anything and everything I can do and then some. If it's not built in, it should be added.
They do have root access, so true, they don't really NEED your password.

Quote:
Originally Posted by Jemery
Second, as a legit alternative, they should have a way for me to authorize an admin password at the time of a service request that would change my password and give them access. When they are done I would change the password back to one they do not know. (I do this anyway)
Feel free to do that, it really doesn't matter.



Quote:
Originally Posted by Jemery
As far as telling if the person is the right person - there are many ways to do that - a phone call, a source email address and/or email confirmation - submitting a ticket via a logged-in user account... I think that would be workable.
So, each time you send in a request they have to call you? You can only email from one account for tickets? So, each time you need to put in a ticket, you'll have to jump through a bunch of hoops? No thanks.



Quote:
Originally Posted by Jemery
Despite my personal annoyance, this is a huge liability for HG. Gee - I really want to read in the paper that a customer support rep stole hundreds of admin password over the last 3 years and surprisingly sold them to european hackers.
Keep in mind, they have the root passwords, yours has little value to hackers when they could buy the root password.



Quote:
Originally Posted by Jemery
Finally - I mean really - if they need my password, why can't they just tell me what needs doing and let me do it? I could learn something at the same time!!
If you are on a dedicated server that might work, but on a shared account, I doubt you have the access.
Reply With Quote
  #5  
Old 01-20-2006, 10:55 AM
jeepxj86 jeepxj86 is offline
Hatchling Croc
  
Join Date: Jan 2006
Posts: 17
Default Re: User Passwords
Yea,

Who said email was safe and secure?

Josh
Reply With Quote
  #6  
Old 01-20-2006, 05:10 PM
Serra's Avatar
Serra Serra is offline
Veteran Croc
  
Join Date: Feb 2005
Location: Orange Park, FL
Posts: 5,073
Default Re: User Passwords
Quote:
Originally Posted by jeepxj86
Who said email was safe and secure?
Email is routinely used for passwords. What is your point?
Reply With Quote
Reply

Bookmarks

« Previous Thread | Next Thread »
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump

All times are GMT -5. The time now is 06:54 AM.

Contact Us - Forums Index - Archive - Privacy Statement - Top