close ad
WARNING: Do Not Install the DREAMWEAVER CC 2017 Update »
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

WebAssist Sending Passwords in Email

Thread began 3/06/2010 6:49 pm by scott402634 | Last modified 3/16/2010 1:22 am by anonymous | 1165 views | 26 replies |

scott402634

WebAssist Sending Passwords in Email

Just purchased an extension library subscription- and got my new member confirm email: with my password in plain text in the body of the email.

I would expect webassist to know better.

Kind of lame, amateurish security...

scott

Sign in to reply to this post

Office Guy-172461

That's why it's standard practice to change your password when you first login. If they encrypted it before they sent it to you, you wouldn't be able to log in.

Click on Update login information... in your account page.

You'll find some more tips here:
10 Tips for getting quick help from a support forum
http://www.ipvac.com/kb/entry/149/

Sign in to reply to this post

neilo

Hi Scott,

I expect the armoured cars were tied up. I had a recurring problem with one or two companies who sent me mail with my actual address written on the outside of the envelope.

Sign in to reply to this post

Office Guy-172461

Always appreciate the British sense of humor, even if I have to think about it sometimes. :)

Sign in to reply to this post

anonymous

Originally Said By: neilo
  Hi Scott,

I expect the armoured cars were tied up. I had a recurring problem with one or two companies who sent me mail with my actual address written on the outside of the envelope.  



Neilo,

That's just plain funny! :D

Sign in to reply to this post

scott402634

Office Guy-

They didn't send me a temporary system generated password. They sent me the private password I had created when I set up my account. Since I just created it- what's the point of sending it out to me in unsecure email? It was a password I use in various places- its now potentially compromised.

Its been awhile since I've seen a company do that- and I'd particularly expect a techy company to know that its not considered a good security practice.

-scott

Sign in to reply to this post

Office Guy-172461

I'm sorry, I didn't realize that you only had one password. You can have one that a friend gave me a few years ago. It's hardly been used.

I pre-encrypted it for you:
f4db9fb6366d244dc12319f4d2bc2f6abe8cede1

You will have to tell WA about your new password.
Please don't share this with anyone else.

Sign in to reply to this post

scott402634

Office Guy (& Neilo)-

What's up with the mocking?

Is it OK to send out non-temporary passwords, in plain text, in unsecure email?

I actually have many passwords- and am not overly concerned about the one I used when I created for this acct. I know some people have a single password that they use for everything, including their bank accounts- and even write it down on a sticky on their office computer.

My initial post was a little mini-rant, but I didn't lose any sleep over it. However, someone at WA made a conscious choice to send out non-temp, private passwords in email- as part of the initial sign up process flow. It is unnecessary, and unsecure- so why do it?

Now on to trying out some of these new tools. Initial impression looks promising...

rgds
scott

Sign in to reply to this post

neilo

Hi Scott,

I apologise unreservedly for the tone of my post. I can attribute it (but not excuse it) to a large number of posts around that time by a few posters that were unjustifiably negative and petty about some aspects of the support here, which is generally excellent.

Not being a WA employee, but often helping out if I can, it was a laugh or cry moment for me, and my sense of humour is not as refined as it could be.

So bad timing, and my problem. Apologies.

Sign in to reply to this post

Office Guy-172461

Scott,

You sort of set the tone when you introduced yourself with this snide comment:

  Kind of lame, amateurish security...  

Imagine going into someone's home and your first comment is "that's a pretty lame lock on your door."

Just as many people would complain about not getting their login info, as would complain as you did. It is considered bad practice to reuse a password for multiple accounts so that part is not really WA's fault. The account you setup here is not that hard to fix if your password is compromised.

  sending it out to me in unsecure email?  

Think about that. This is an automated process. How would you get a password to someone? You can't assume that everyone has secure email capabilities. I would be just as annoyed if WA made me jump through hoops just to get my account info. It's not a bank account.

I gave you the link in the hopes that it would help you get off to a better start. Many people in the forums say things that I'm sure they would never say to someone in their living room. Sometimes it just gets to you.

neilo,

  my sense of humour is not as refined as it could be.  

That's what makes it interesting. It's nice to be reminded not to take things too seriously. :)

Sign in to reply to this post
loading

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...