|
#1
12-11-2009, 12:20 PM
|
|||
|
|||
What's the purpose of a password?
What's the purpose of a password if, on first mistyping it, it is automatically emailed to you, plain text, without you even requesting it?
This is currently the case with HostGator's ticket system (it seems that in other password-protected subsystems in HG password handling is done right). I would expect a professional and reputable company like HostGator to email password upon explicit request by user only. 
|
|
#2
12-11-2009, 06:35 PM
|
||||
|
||||
Re: What's the purpose of a password?
The password is emails to the email address for the account, not the person requesting it. This would only be a problem if the person making the request has already compromised your email account and gained control over it, at which time this is probably a moot point since most people use IMAP and don't delete the original email with the password in it.
__________________
Larry Brower, CCNA Linux System Administrator II Hostgator.Com, LLC 
|
|
#3
12-13-2009, 10:20 AM
|
|||
|
|||
|
Re: What's the purpose of a password?
Larry, thanks for your answer.
I am afraid, however, that I didn't make the point clear enough: The main reason for the existence of SSL is the possibility that a hacker that happens to be on on one of TCP/IP hops can intercept whatever transmission goes through its node. Slim possibility? Probably. But then why do financial institutions, ecommerce sites (and other sites handling sensitive information) insist on using SSL? These sites insist also on strict and methodical password handling. In fact, HostGator itself, in billing and admin accounts, will not email a password (clear text) unless explicitly requested by the user. There is a valid reason for this. Why not simply adopt the same practice for your ticket subsytem as well? You already have this practice established and working well in your other subsystems.
|
|
#4
12-13-2009, 06:16 PM
|
||||
|
||||
|
Re: What's the purpose of a password?
You have a good point. We are certainly concerned about security and there isn't a reason we can't include a "forgot password" link that only displays or emails the password per the user's request.
I'll pass this feedback onto our programming team.
__________________
Douglas Customer Service Manager HostGator.com LLC 1-866-96-GATOR
|
Re: What's the purpose of a password?
|
#6
12-16-2009, 10:40 PM
|
||||
|
||||
|
Re: What's the purpose of a password?
This change has been made.
 Let us know if you have any other suggestions.
__________________
Douglas Customer Service Manager HostGator.com LLC 1-866-96-GATOR
|
|
#7
12-18-2009, 07:41 AM
|
|||
|
|||
|
Re: What's the purpose of a password?
Quote:
More than just security, used to be a confusion. If you just missppell the password, it is changed and emailed to you. And if you try again with correct password, it is reset again. Thanks for listening to the customer's point . Cheers!
__________________
|
Re: What's the purpose of a password?
 |
| Bookmarks |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| My Suggestion for SECURITY PURPOSE (Dedicated Server Owner) | ownerhosting | Suggestions | 2 | 10-19-2008 05:00 AM |
All times are GMT -5. The time now is 11:08 AM.