WebAssist Sending Passwords in Email

Just purchased an extension library subscription- and got my new member confirm email: with my password in plain text in the body of the email.

I would expect webassist to know better.

Kind of lame, amateurish security...

scott

That's why it's standard practice to change your password when you first login. If they encrypted it before they sent it to you, you wouldn't be able to log in.

Click on Update login information... in your account page.

You'll find some more tips here:
10 Tips for getting quick help from a support forum
http://www.ipvac.com/kb/entry/149/

Hi Scott,

I expect the armoured cars were tied up. I had a recurring problem with one or two companies who sent me mail with my actual address written on the outside of the envelope.

Always appreciate the British sense of humor, even if I have to think about it sometimes. :)

Originally Said By: neilo

  Hi Scott,

I expect the armoured cars were tied up. I had a recurring problem with one or two companies who sent me mail with my actual address written on the outside of the envelope.  

Neilo,

That's just plain funny! :D

Office Guy-

They didn't send me a temporary system generated password. They sent me the private password I had created when I set up my account. Since I just created it- what's the point of sending it out to me in unsecure email? It was a password I use in various places- its now potentially compromised.

Its been awhile since I've seen a company do that- and I'd particularly expect a techy company to know that its not considered a good security practice.

-scott

I'm sorry, I didn't realize that you only had one password. You can have one that a friend gave me a few years ago. It's hardly been used.

I pre-encrypted it for you:
f4db9fb6366d244dc12319f4d2bc2f6abe8cede1

You will have to tell WA about your new password.
Please don't share this with anyone else.

Office Guy (& Neilo)-

What's up with the mocking?

Is it OK to send out non-temporary passwords, in plain text, in unsecure email?

I actually have many passwords- and am not overly concerned about the one I used when I created for this acct. I know some people have a single password that they use for everything, including their bank accounts- and even write it down on a sticky on their office computer.

My initial post was a little mini-rant, but I didn't lose any sleep over it. However, someone at WA made a conscious choice to send out non-temp, private passwords in email- as part of the initial sign up process flow. It is unnecessary, and unsecure- so why do it?

Now on to trying out some of these new tools. Initial impression looks promising...

rgds
scott

Hi Scott,

I apologise unreservedly for the tone of my post. I can attribute it (but not excuse it) to a large number of posts around that time by a few posters that were unjustifiably negative and petty about some aspects of the support here, which is generally excellent.

Not being a WA employee, but often helping out if I can, it was a laugh or cry moment for me, and my sense of humour is not as refined as it could be.

So bad timing, and my problem. Apologies.

Scott,

You sort of set the tone when you introduced yourself with this snide comment:

  Kind of lame, amateurish security...  

Imagine going into someone's home and your first comment is "that's a pretty lame lock on your door."

Just as many people would complain about not getting their login info, as would complain as you did. It is considered bad practice to reuse a password for multiple accounts so that part is not really WA's fault. The account you setup here is not that hard to fix if your password is compromised.

  sending it out to me in unsecure email?  

Think about that. This is an automated process. How would you get a password to someone? You can't assume that everyone has secure email capabilities. I would be just as annoyed if WA made me jump through hoops just to get my account info. It's not a bank account.

I gave you the link in the hopes that it would help you get off to a better start. Many people in the forums say things that I'm sure they would never say to someone in their living room. Sometimes it just gets to you.

neilo,

  my sense of humour is not as refined as it could be.  

That's what makes it interesting. It's nice to be reminded not to take things too seriously. :)