Jump to content

Recommended Posts

2 hours ago, VirtualWorldGlobal said:

Yes passwords should be visible on clear text...

 

 

 

 
 
 

No! Passwords should NEVER be visible in clear text. That means your passwords are not hashed and salted (which is irreversible) and you are putting customers at risk if your database gets compromised and leaked.

If you can see a user's password, then it's not a password anymore as passwords are secrets that only that person has to know. You don't need your customers passwords because you already access their accounts without one.

Edited by yggdrasil

Share this post


Link to post
Share on other sites

@yggdrasil Thanks for the rectification :)  I was writing should** (n't)...

Isn't it already fixed, I have not seen such emails in recent times...Yes passwords shouldn't  be visible on clear text...

2 hours ago, VirtualWorldGlobal said:

Isn't it already fixed, I have not seen such emails in recent times...Yes passwords should be visible on clear text...

 

 

 

Share this post


Link to post
Share on other sites
23 hours ago, VirtualWorldGlobal said:

I think long back it used too - if I am right, you must be knowing better...

Isn't it already fixed, I have not seen such emails in recent times...Yes passwords should be visible on clear text...

My issue was that because the password e-mails were not being logged normally,I actually did have an error in the template with some smarty code ... and the error for this is not seen in Admin as normal, as the logging I think is being bypassed, or some other core function reason, no idea why the notice that the email is not being sent is not shown.

Thanks to @xyzulu's suggestion that I look in  Configuration > System Log, the errors and issues became instantly apparant as to why the password reset email was not being sent. 

 

 

Share this post


Link to post
Share on other sites

I think we have totally missed the issue on this thread. 

Previously to v 8, our client account holders were able to add 'additional contacts' to their account.  ie a web developer with their own login and set permissions on the account.  Now, we have CONTACTS and USERS.   

This has become a serious issue for us at least in that those additional contacts who used to have access to manage the account (given the permissions ascribed to them by the account owner) no longer have that access. 

When those additional users forget / loose passwords and need to reset - they no longer receive those emails.  This is typical of a support ticket from an account holder that I receive frequently.

Quote

Our developer, John Brown - email address: john@brown.com is unable to access our account. He is a listed "Contact". He has tried resetting his password, but no email is received.

I then have to advise these customers to go to their client area and 'invite them' to their account and reset their permissions again.

I understand the logic going forward, but this has not been 'backwards compatible' and has been a complete pain in the arse.

Share this post


Link to post
Share on other sites
1 hour ago, Si said:

I think we have totally missed the issue on this thread. 

Previously to v 8, our client account holders were able to add 'additional contacts' to their account.  ie a web developer with their own login and set permissions on the account.  Now, we have CONTACTS and USERS.   

This has become a serious issue for us at least in that those additional contacts who used to have access to manage the account (given the permissions ascribed to them by the account owner) no longer have that access. 

When those additional users forget / loose passwords and need to reset - they no longer receive those emails.  This is typical of a support ticket from an account holder that I receive frequently.

I then have to advise these customers to go to their client area and 'invite them' to their account and reset their permissions again.

I understand the logic going forward, but this has not been 'backwards compatible' and has been a complete pain in the arse.

I totally agree with you. This now creates more troubles than problems it solves. The concept and idea are great but the implementation was poorly done. Users not being able to recover their passwords just leads to more support tickets.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated