Jump to content

Email passwords

snofire

By snofire
in Troubleshooting Issues

 Share

Recommended Posts

yggdrasil Senior Member

yggdrasil

Posted
Posted (edited)
2 hours ago, VirtualWorldGlobal said:

Yes passwords should be visible on clear text...

 

 

 

 
 
 

No! Passwords should NEVER be visible in clear text. That means your passwords are not hashed and salted (which is irreversible) and you are putting customers at risk if your database gets compromised and leaked.

If you can see a user's password, then it's not a password anymore as passwords are secrets that only that person has to know. You don't need your customers passwords because you already access their accounts without one.

Edited by yggdrasil
0
Link to comment
Share on other sites
ManagedCloud-Hosting Senior Member

ManagedCloud-Hosting

Posted
Posted

@yggdrasil Thanks for the rectification :)  I was writing should** (n't)...

Isn't it already fixed, I have not seen such emails in recent times...Yes passwords shouldn't  be visible on clear text...

2 hours ago, VirtualWorldGlobal said:

Isn't it already fixed, I have not seen such emails in recent times...Yes passwords should be visible on clear text...

 

 

 

0
Link to comment
Share on other sites
HancoEuropa Member

HancoEuropa

Posted
Posted
23 hours ago, VirtualWorldGlobal said:

I think long back it used too - if I am right, you must be knowing better...

Isn't it already fixed, I have not seen such emails in recent times...Yes passwords should be visible on clear text...

My issue was that because the password e-mails were not being logged normally,I actually did have an error in the template with some smarty code ... and the error for this is not seen in Admin as normal, as the logging I think is being bypassed, or some other core function reason, no idea why the notice that the email is not being sent is not shown.

Thanks to @xyzulu's suggestion that I look in  Configuration > System Log, the errors and issues became instantly apparant as to why the password reset email was not being sent. 

 

 

0
Link to comment
Share on other sites
Si Senior Member

Si

Posted
Posted

I think we have totally missed the issue on this thread. 

Previously to v 8, our client account holders were able to add 'additional contacts' to their account.  ie a web developer with their own login and set permissions on the account.  Now, we have CONTACTS and USERS.   

This has become a serious issue for us at least in that those additional contacts who used to have access to manage the account (given the permissions ascribed to them by the account owner) no longer have that access. 

When those additional users forget / loose passwords and need to reset - they no longer receive those emails.  This is typical of a support ticket from an account holder that I receive frequently.

Quote

Our developer, John Brown - email address: john@brown.com is unable to access our account. He is a listed "Contact". He has tried resetting his password, but no email is received.

I then have to advise these customers to go to their client area and 'invite them' to their account and reset their permissions again.

I understand the logic going forward, but this has not been 'backwards compatible' and has been a complete pain in the arse.

0
Link to comment
Share on other sites
yggdrasil Senior Member

yggdrasil

Posted
Posted
1 hour ago, Si said:

I think we have totally missed the issue on this thread. 

Previously to v 8, our client account holders were able to add 'additional contacts' to their account.  ie a web developer with their own login and set permissions on the account.  Now, we have CONTACTS and USERS.   

This has become a serious issue for us at least in that those additional contacts who used to have access to manage the account (given the permissions ascribed to them by the account owner) no longer have that access. 

When those additional users forget / loose passwords and need to reset - they no longer receive those emails.  This is typical of a support ticket from an account holder that I receive frequently.

I then have to advise these customers to go to their client area and 'invite them' to their account and reset their permissions again.

I understand the logic going forward, but this has not been 'backwards compatible' and has been a complete pain in the arse.

I totally agree with you. This now creates more troubles than problems it solves. The concept and idea are great but the implementation was poorly done. Users not being able to recover their passwords just leads to more support tickets.

0
Link to comment
Share on other sites
  • 2 years later...
jwldub Junior Member

jwldub

Posted
Posted

When a user clicks 'Forgot" under the passwod field, a pop-up asks "Forgotten your password? Enter your email address below to begin the reset process. "
they enter their email address, 

They get this message " Password Reset Requested
If the email address you entered matched an existing account, please check your email for instructions on what to do next."

However the email NEVER arrives to the user.. All other site emails are successfully sent to the user; order confirmations, invoices, etc.. the only open that is not delivered i the 'Forgot Password' email.. can anyone help?

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept