No announcement yet.

Customer Passwords - Comments Please

  • Filter
  • Time
  • Show
Clear All
new posts

  • Customer Passwords - Comments Please

    Does anyone have any comments on the fact that we can see the customer passwords? Personally I don't like knowing what someone's password is.

    I'm the only one working at my company - so I don't have to worry about someone from my company knowing passwords - but I just don't feel comfortable knowing what they were - I wish they were encrypted.

    How to others feel about this?

    I saw one 3dCart that used zip code as the password - anyone here doing that?

    Also I noticed that the password is included in the emails for new orders etc. I didn't think emails were very secure. I realize that is easy to change in the email templates and I will probably remove that.

    Just wondering what others might be doing for customer password and how you felt about them being displayed 'everywhere'.

    Appreciate the input
    Cobweb Corner
    C Ekman
    Owner/Designer: Cobweb Corner

  • #2
    I understand your feelings, but I think the customer is trusting us with their address, CC, and other info. The password they use on our site does not really mean much since it does not mean they are using it anywhere else.

    I do agree with your comments about the emails since I had already removed this from all outgoing emails. If they don't remember it even though they just entered it they can use the handy "forgot password" function to get it.


    • #3
      that is a horrible feature of 3dcart. If I were malicious I'd be phishing everybodys email by now... i mean id bet that 90% of the users use the same password for MULTIPLE things.


      • #4
        I don't have a problem with the fact that we can see our customers passwords. The way I see it, they are trusting us with other sensitive data, what's a password. I feel the same way if viewing this from a customer perspective. I am trusting my data with a company, I am hoping they treat it in a sensitive/safe manner.

        With that being said, I think a lot of people use the same password for multiple log ins. I think a lot of people do it knowing that it isn't safe, and they probably shouldn't.

        However, I took out the log in information out of all of the emails. Emails are not overly safe and I certainly don't think log in information should be in every email sent. It's not necessary, not safe, and extreme overkill.